Mail Server:

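SMTP: Simple Mail Transfer Protocol. It cannot authenticate users: when someone logs in to a mailbox and claims an identity, SMTP has no way to check the account and password. It also does not cover how a message is stored once it reaches the destination server, or how users retrieve their own mail. That is why it is called simple: it is only responsible for transferring mail from the sender to the destination;
ESMTP: Extended Simple Mail Transfer Protocol. It adds a few simple extensions that fill gaps in the basic functions of the original protocol. ESMTP can check whether identity authentication is supported, but even so ESMTP itself still cannot perform authentication; it can only detect it;

POP3: Post Office Protocol version 3

IMAP4: Internet Mail Access Protocol version 4. IMAP4 and POP3 do much the same job, so one of the two is enough. IMAP4 is more capable than POP3 but also consumes more resources, which is why many sites offer POP3 rather than IMAP4;

UUCP: Unix to Unix CoPy

A protocol for copying files between Unix hosts

SMTP: (25/tcp) can also route mail in transit;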

C/S

Server Client

smtpd, smtp(sendmail)

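How SMTP works:

Suppose a client needs to send a message to a user on another host. The local domain is magedu.com and the target domain is a.org; a.org has a user jerry@a.org and the local user is tom@magedu.com. Tom writes the message in a local editor, and the result is simply a file whose content has to reach jerry in a.org. But a.org is a domain, not a host, and jerry must be a user on some particular host, so how is that host located? The local client has to connect to a server on the other side, because only a server can accept mail. The client looks at the recipient's domain and asks DNS for the MX record of a.org. The MX record normally points at a host, probably mail.a.org, which is still a name and has to be resolved further to an A record, say 2.2.2.2. Now we know that a.org has a mail server called mail.a.org at 2.2.2.2. A domain may have several MX records; in that case the host with the highest priority is used.

The client then connects to the socket that 2.2.2.2 listens on. SMTP runs over TCP, so the three-way handshake comes first; the client checks that port 25 is up and sends a hello message. If the server is there, the two sides set up the session and the client sends the mail: who I am, who the mail is for, what the content is, and so on.

The receiving host accepts the message and finds that the recipient jerry@a.org really is a local user. Every user has a home directory, but the SMTP server does not run as the administrator (or it runs as the administrator with a group that is not the administrator's group). This is for security, and it means the server must never reach into a user's home directory. Think of how paper mail is received: a residential block has a row of mailboxes, each with a slot. The postman can push mail into every box, and each resident unlocks only their own box and takes the mail home to read. A mail server works the same way. There is a directory that the server process can access and in which every user has a mailbox of their own, a kind of mail transit station. When a message arrives for a local user, the server puts it into that user's mailbox. It knows which mailbox belongs to whom because each user's file has the same name as the user. When another message arrives, it is appended to the end of the file. This is the early mailbox format; there is also a directory-based format.

How does a user find out that mail has arrived? On Linux you are sometimes told that you have new mail: a script periodically checks whether each user has mail and sends the logged-in user a notice if so. Users can also check for themselves and collect mail with the mail command. Collecting mail with mail takes the message out of the transit station and puts it in the user's home directory, after which the mailbox is empty. A computer could just as well copy the message, but the early design imitated real life: once you have taken the mail, the transit station is empty and you cannot fetch it a second time. After a message has been read, a file called mbox appears in the user's home directory, and everything the user has read is kept there.

The protocol used between the client and the server is SMTP. It is simple to the point that, when a message reaches a server that hosts the recipient, putting the message into the user's mailbox is not done by SMTP. SMTP only transfers mail. Storing it is the job of a separate component, mail delivery. Paper mail works in the same two stages: a letter travels from Beijing to Shanghai, and then a Shanghai postman carries it door to door. Moving mail across the network is mail transfer; handing it to the individual user at the destination is mail delivery.

When jerry replies to tom, the same thing happens in reverse. Jerry writes the message in a local editor and uses a client, so the other side has to be a server, which means tom's host needs a server too. The MX record of magedu.com is resolved, the TCP handshake is done, the session is set up and the mail is transferred. The receiving server finds that tom is a local user and puts the message into tom's mailbox; when tom logs in he fetches it into his home directory. For two users on two hosts to exchange mail, each host needs both a client and a server: only a host with a server can receive mail, and only one with a client can send it.

Now suppose tom sends mail to bob@magedu.com, another user on the same host. The message is not simply dropped into the other user's home directory; it still goes through the mail transfer system. The client connects to the local server, the local server sees that the recipient is a local user, and the message is placed in that user's mailbox without leaving the host. This is local mail. A server therefore handles two kinds of mail: mail for its own jurisdiction and mail for somewhere else. A real post office that receives letters for Beijing, Guangzhou and Taiwan does not send one truck around the world; it sorts the letters and sends those going the same way on the same truck. The mail system sorts much more simply, into local and remote. Local mail is handled internally; remote mail always requires a DNS lookup and is sent by the client.

How does the server receive mail from users in the first place? The tool a user uses to write and submit mail is a client. It sends the message over SMTP to the local server, not directly to the remote server. The mail command is one such tool: it lets a user write a message and submit it for sending. The person is the mail user (MU), and the tool used to write and send mail is the mail user agent (MUA). Each time the user wants to send mail they open the agent, which provides an editing interface. Every MUA has a server that it is allowed to submit mail to, usually a local one: an smtpd on the same machine, or the mail server of the host where the user's account lives. The mail server then sorts the mail and decides where it goes. Local mail is put straight into the user's home directory, a process called lmtp (local mail transfer protocol) because nothing is sent out. For remote mail, smtpd calls the smtp client, once for every remote message, and the client connects to the server on the remote host.

The client tool that lets users write and submit mail is the MUA; this is a generic term and there are many MUAs. The server side that accepts mail is the MTA (mail transfer agent), which only does transfer. From the MUA to the MTA the protocol is SMTP. After sorting, the MTA passes local mail on through lmtp and, for remote mail, calls the local client, which uses SMTP to reach the remote server. When the remote server accepts a message for a user it is responsible for, SMTPD hands the message to another program that delivers it to the user's mailbox, so delivery is not done by SMTPD either. That program is the MD (mail delivery). The system is this complicated because SMTP itself lacks these functions and has to rely on other programs layer by layer.

When jerry in a.org logs in, he uses his MUA (mail user agent) to fetch his mail from the mailbox, read it and save it in his home directory. To reply, he writes the message in the MUA and submits it to his own SMTPD. SMTPD sorts it, finds that it is not local, and calls the local SMTP client, which resolves the destination in DNS and contacts the remote server. The remote SMTPD accepts the message, finds that it is local and passes it to the MDA; the MDA delivers it to the user's mailbox, and the user collects it with an MUA after logging in.

Now suppose a message arrives at our host and the recipient is not jerry@a.org but blair@b.net. Our host is responsible for a.org and the sender is in magedu.com, so the mail has been handed over but has not reached its final destination. SMTPD first accepts the whole message and then has to forward it: it sees that the mail is not local and calls the local SMTP client to pass it to what it believes is the target server. Although nothing is done to the message here, it does get stamped on the way through. To the next server this mail comes from a.org, not from magedu.com, because the server that connected to it is a.org's server. The sender is still tom@magedu.com; only the host that passed the mail on is a.org. There is no necessary relationship between the sender and the host.

This behaviour went a long way towards ensuring that even misrouted mail would reach its real destination, but it also did great harm: this is how the world's first spam came about. Someone writes a million advertising messages, runs no mail server of their own, and submits everything to your server. Your server sees that it is not the destination and forwards every message. The recipients conclude that your server is a spam source and refuse everything that comes from it from then on. You are collateral damage: the normal mail your server sends no longer gets through either. A server that forwards mail for anybody is therefore at risk of abuse. This mechanism, where mail received from others is forwarded onward, is called open relay: accept what is local, forward what is not. Because of the abuse risk, we generally do not relay for anyone. That is fine today, because the internet is well connected and the sender can reach the destination directly. A server that accepts mail for its own users is the destination, not a relay, and should accept that mail unconditionally. If mail from magedu.com to b.net is sent to a.org anyway, a.org ignores it; for a.org that means open relay is turned off. Today a mail server must have open relay turned off, otherwise it becomes a spam server within two or three days. There are many anti-spam facilities on the internet that can blacklist you; once you are on a well-known global blacklist of mail servers, mail from your server is refused by everyone, and like a fugitive you are turned away wherever you go.

There is still a problem. When the MUA submits to the local SMTPD and SMTPD finds that the target is blair@b.net, it sends the message straight to b.net's SMTPD. Is that relaying? It is: whenever the server sorts a message and finds that it is not local, that is a relay. On the path from the MUA to SMTPD, SMTPD cannot tell whether the peer is an MUA or another SMTP server, because both are clients. It accepts the message, sorts it, and if the destination is not a local domain it calls SMTP to send it out, and that is relaying. We just said relaying must be turned off, but then local users cannot send mail either. So relaying has to be allowed at least for local users, which is authentication based on IP address: everyone on the internal network counts as a local user. But insiders are hard to guard against; 70 percent of successful attacks on the internet come from insiders. This approach blocks relaying for external hosts and allows it for internal ones, yet someone on the internal network can quietly produce a pile of spam and send it through your server with nothing in the way. It is therefore not the best anti-spam mechanism: once relaying is open to the local network, anyone who gets onto that network can send mail through your server.

The answer is to authenticate users and require an account and password before mail is accepted for sending. The trouble is that SMTPD does not care who you are. It relays if it is allowed to and refuses if it is not, and it never looks at who the sender is. You are whoever you say you are, so the sender in SMTP can be forged at will, which is a huge risk. Users should be authenticated, but even after supplying an account and password you are still whoever you say you are. And SMTPD cannot do the authentication itself, because SMTP is so simple that it has no authentication function. At first it sent mail for anybody; later open relay was turned off and it sent mail for anybody on the permitted networks. Now authentication is needed, and it has to come from an additional facility that works through a protocol called SASL. SASL adds a layer to the mail server, and authentication is implemented on that layer. It is described as a layer but it is a protocol, so there is something like a client and a server that communicate. Once SASL is running, the host has a SASL server, and SMTPD contains a small program that acts as its client. When a user sends mail, SMTPD passes the user's mailbox account to the SASL server through this client, and SASL checks whether the user exists locally. If so, it tells SMTPD that the user is legitimate and can be trusted; if not, it tells SMTPD that the user is of unknown origin and should be ignored, and SMTPD refuses to send the mail. With SASL it no longer matters whether a user is local: anyone with an account and password can send. Users on the internal network and on the internet are both served, and staff on a business trip can still send mail through the company server from any internet address as long as they have an account and password.

Why is POP3 needed? Users today are not users of a mainframe; everyone has a PC. Few people sit at a terminal attached to the server; they write mail on their own PC. Sending is simple as long as there is a mail server. Say the company network has an SMTPD. The user installs an MUA on the PC, configures the company SMTPD as its mail server and writes mail in the MUA. SMTPD either relays for local clients or lets them send after supplying an account and password. Note that the client and the server are no longer on the same host, even though both are local. SMTPD finds that the mail is not local and relays it over SMTP. At the destination the remote SMTPD accepts the message and hands it to the MDA for delivery. But delivered where? If the recipient also works on a PC with the MUA on the PC and never logs in to the server, there might be no account on the server, and without an account the server finds no such person and cannot deliver. So the user must have an account on the server, with a mailbox and a home directory, and the mail is delivered to that mailbox.

How does the user then collect the mail? In the earlier model the user logged in to the server and used the MUA on the server to fetch mail from the mailbox and save it in the home directory. That would mean logging in remotely over SSH with the account and password every time one wants to read mail. Nobody collects mail that way, and it would be very inconvenient. There are two options that do not work. Keeping the mail on the server and giving the user an account to log in with is unsuitable. Sending the mail directly to the user, who runs their own SMTPD, is unrealistic: the user would need a domain name and an MTA and would have to be online 24 hours a day. If mail arrives while you are offline, the sender retries a couple of times, fails to reach you and gives up; the message is discarded and you never receive it. So there has to be a server that is online 24 hours a day to receive mail for us, on which we do have an account and where all our mail is placed in our mailbox. Users are still not allowed to log in to it, especially on public services: we do not SSH into the servers of 126 or Yahoo, yet we collect mail from them.

The solution is another server process. It lets the client on the user's PC present an account and password. After checking them, and as long as the user really has an account on the server, it takes the mail out of the mailbox and returns it to the client. The user never logs in; the user only tells the server the account and password and the server does the retrieval. The server looks for mail as whoever is asking: jerry sends his account and password and the server goes to jerry's mailbox; for buler it goes to buler's mailbox. Each request stands for exactly one person. This works because each request is answered by its own process or thread, as in a web server under the prefork model. Whenever there is concurrent I/O with several users connected at once, it is either one process per user, one thread per user, or one thread for several users. One thread for several users may look unsuitable here, but it can work too as long as a suitable mechanism is used. Either way, suppose the server serves N people, each with a PC and an MUA. When a client connects, the server spawns a child process to answer it; the first child process answers the first user's request. The mail is fetched and the MUA receives it, and from then on the user never has to log in to the server. The program that retrieves mail from the mailbox on the user's behalf and passes it to the user is the MRA (mail retrieval agent). The protocol it uses is POP3: mail is collected over POP3 or IMAP and transferred over SMTP.

To spare users from needing an MUA at all, everything can be done in a browser. A web server is set up on the mail server and the client connects to it with a browser. The web server's main purpose is to give the user an interface for collecting, writing and sending mail, so it runs a dynamic program written in PHP, perl or python that offers the same interface as an MUA, with an editor and the ability to send. The program only presents the interface. When a message is sent it can be handed directly to SMTPD, or directly to SMTP: the program calls the local SMTP client, called sendmail, and that client contacts the SMTPD server, which may be local or remote. If our SMTPD can itself determine whether the destination is remote or local, the client may connect to the remote server directly. When a reply comes back, it is delivered to the user's mailbox. The web program can retrieve mail from the mailbox through a local program, or through the POP3 server by acting as a POP3 client. Under whose identity? Every user authenticates when logging in to the web interface; the web program uses that account and password to contact the POP3 server, POP3 retrieves the mail and returns it to the web program, and the user sees it in the browser. This mechanism is called WebMail.

To keep the mail server secure, SMTPD has to check the user's account and password, which it does through SASL. The POP3 server has to check the account and password too; otherwise anyone could impersonate someone else and read their mail. So what kind of users are these? A public service such as 126 has over a hundred million users. They cannot all be system users, and putting all those accounts in /etc/passwd is not appropriate. Keeping them in /etc/shadow is not impossible but it is not feasible: with very large amounts of data, managing it in plain files does not work well, and a system built for managing data is needed. A relational database such as mysql will do. The accounts are kept in a table in a mysql database and user lookups go through the database instead of loading a whole file into memory. The database server can search by index, which is much faster and does not require loading all the data. Even so, database lookups are still slow when the number of users is very large. There is a protocol that is extremely fast at user lookups, an order of magnitude faster than a mysql database, roughly 10 times: ldap (Lightweight Directory Access Protocol). ldap organizes data in a directory format and its lookup speed is unmatched. It is not all upside, though. Compared with a relational database such as mysql, reads are very fast but writes are very slow, an order of magnitude slower. ldap is therefore best suited to write-once, read-many workloads, such as user accounts that are created once and then read at every login. If the scale is not especially large, MySQL is enough for all of this and is simpler to manage than ldap. To this day ldap is not particularly mature, yet very large user account systems, including resource lookup systems and service information systems, usually use ldap. The operating system with the best ldap implementation so far is Windows Server. ldap is complex, its concepts are complex and it is complex to use, so deploying it at small scale is not worthwhile, but Windows got ahead of Linux by putting a graphical interface on this difficult system.

All this means that user accounts can live somewhere that has nothing to do with the operating system, in a table, and that such an account is only a mailbox account. These are called virtual users: the user does not exist on the system and cannot access system resources; it is only a user of one service. The POP3 server can query a mysql database for the account and password itself. Many POP3 servers have a mysql driver, and an ldap driver as well, so they can go directly to the mysql service or the ldap server to verify the account and password. SMTPD has no such ability and relies on sasl. sasl by itself verifies users against the system: it assumes every account is a system account and looks for it in /etc/passwd and /etc/shadow, so it cannot look up accounts in mysql on its own either. It needs one more component added: sasl submits the request to this component, and the component can connect to mysql. With that, a basic mail server is complete;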
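
The routing steps in this walkthrough, as an added example (not code from the original notes): sort a recipient into local or remote, then order the remote domain's MX hosts and try them in turn. It goes slightly beyond the text by also covering a domain with no MX record and a mail exchanger that does not answer; all DNS data except mail.a.org = 2.2.2.2 is constructed, and the function names are assumptions.

```python
# Constructed DNS data standing in for real lookups (assumption, not a live zone).
MX_RECORDS = {
    "a.org": [(10, "mail.a.org")],
    "b.net": [(20, "backup.b.net"), (5, "mx1.b.net"), (10, "mx2.b.net")],
    "broken.example": [(10, "ghost.broken.example")],  # MX target has no A record
}
A_RECORDS = {
    "mail.a.org": "2.2.2.2",        # the address used in the walkthrough
    "mx1.b.net": "192.0.2.11",
    "mx2.b.net": "192.0.2.12",
    "backup.b.net": "192.0.2.20",
    "nomx.example": "192.0.2.30",   # domain with an A record but no MX record
}

# Domains this host is the final destination for (the page's magedu.com setup).
MYDESTINATION = {"magedu.com", "mail.magedu.com", "localhost"}


def split_address(address):
    """Return (user, domain); the domain is lower-cased for comparison."""
    user, sep, domain = address.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("not a user@domain address: %r" % address)
    return user, domain.lower().rstrip(".")


def next_hops(domain):
    """Ordered (host, ip) list for a remote domain, best mail exchanger first."""
    hops = []
    # Lowest preference value = highest priority. Ties are ordered by name here
    # so the result is deterministic; real MTAs randomise equal preferences.
    for _pref, host in sorted(MX_RECORDS.get(domain, [])):
        ip = A_RECORDS.get(host)
        if ip:                       # MX names that do not resolve are skipped
            hops.append((host, ip))
    if not MX_RECORDS.get(domain) and domain in A_RECORDS:
        hops.append((domain, A_RECORDS[domain]))  # no MX at all: use the A record
    return hops


def route(recipient):
    """Sort one recipient the way the MTA does: local, remote or undeliverable."""
    user, domain = split_address(recipient)
    if domain in MYDESTINATION:
        return ("local", user)       # handed to the MDA, never leaves the host
    hops = next_hops(domain)
    if not hops:
        return ("bounce", domain)
    return ("remote", hops)


def deliver(recipient, reachable):
    """Try each next hop in order; `reachable` is the set of IPs answering on 25/tcp."""
    kind, detail = route(recipient)
    if kind != "remote":
        return (kind, detail)
    for _host, ip in detail:
        if ip in reachable:
            return ("sent", ip)
    return ("deferred", [ip for _host, ip in detail])  # stays queued for a retry


if __name__ == "__main__":
    for rcpt in ("jerry@a.org", "bob@magedu.com", "blair@b.net", "x@broken.example"):
        print(rcpt, "->", route(rcpt))
    print(deliver("blair@b.net", reachable={"192.0.2.20"}))
```
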

Mail transfer: MT

Mail delivery: MD

Mail user: MU

MUA: Mail User Agent, the tool that lets users compose mail;

MTA: Mail Transfer Agent

MDA: Mail Delivery Agent

MRA: Mail Retrieval Agent

Open Relay: accept what is local, forward what is not;

SASL: Simple Authentication Secure Layer, an extra layer added to the mail server on which authentication can be implemented;

WebMail

LDAP: Lightweight Directory Access Protocol

MySQL:

Virtual user: a digital identity used only to access a particular service;

User: a string plus credentials

[root@localhost ~]# ls (list files and subdirectories in the current directory)
anaconda-ks.cfg         install.log                              php-5.4.13
apr-1.4.6               install.log.syslog                       php-5.4.13.tar.bz2
apr-1.4.6.tar.bz2       libmcrypt-2.5.7-5.el5.i386.rpm           phpMyAdmin-3.5.1-all-languages.tar.bz2
apr-util-1.4.1          libmcrypt-devel-2.5.7-5.el5.i386.rpm     xcache-3.0.1
apr-util-1.4.1.tar.bz2  mhash-0.9.2-6.el5.i386.rpm               xcache-3.0.1.tar.bz2
httpd-2.4.4             mhash-devel-0.9.2-6.el5.i386.rpm
httpd-2.4.4.tar.bz2     mysql-5.6.10-linux-glibc2.5-i686.tar.gz
[root@localhost ~]# mail (send and receive mail)
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 2 messages 2 new
>N  1 logwatch@localhost.l  Wed Sep 30 11:56  43/1630  "Logwatch for localhost.localdomain (Linux)"
 N  2 logwatch@localhost.l  Wed Sep 30 19:16  44/1656  "Logwatch for localhost.localdomain (Linux)"
& 1 (read message number 1)

Message 1:
From root@localhost.localdomain  Wed Sep 30 11:56:39 2015
Date: Wed, 30 Sep 2015 11:56:39 +0800
To: root@localhost.localdomain
From: logwatch@localhost.localdomain
Subject: Logwatch for localhost.localdomain (Linux)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"


 ################### Logwatch 7.3 (03/24/06) #################### 
        Processing Initiated: Wed Sep 30 11:56:39 2015
        Date Range Processed: yesterday
& q (quit)

Saved 1 message in mbox (the message that was read is saved to mbox)
Held 1 message in /var/spool/mail/root

[root@localhost ~]# ls (list files and subdirectories in the current directory)
anaconda-ks.cfg         install.log                           mysql-5.6.10-linux-glibc2.5-i686.tar.gz
apr-1.4.6               install.log.syslog                    php-5.4.13
apr-1.4.6.tar.bz2       libmcrypt-2.5.7-5.el5.i386.rpm        php-5.4.13.tar.bz2
apr-util-1.4.1          libmcrypt-devel-2.5.7-5.el5.i386.rpm  phpMyAdmin-3.5.1-all-languages.tar.bz2
apr-util-1.4.1.tar.bz2  mbox                                  xcache-3.0.1
httpd-2.4.4             mhash-0.9.2-6.el5.i386.rpm            xcache-3.0.1.tar.bz2
httpd-2.4.4.tar.bz2     mhash-devel-0.9.2-6.el5.i386.rpm
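Note: the mbox file holds the mail saved in the user's home directory;

MTA: mail transfer agent, the SMTPD server

  sendmail, UUCP

    monolithic design, SUID, configuration file syntax (written in m4)

  qmail

  postfix: modular design, installation, compatible with sendmail, efficient

  exim: MTA

  Exchange (Windows, asynchronous message collaboration platform)

SASL: V2

  cyrus-sasl

  courier-authlib

MDA: mail delivery agent

  procmail

  maildrop

MRA: mail retrieval agent (pop3, imap4)

  cyrus-imap

  dovecot

MUA: mail user agent

  Outlook Express, Outlook

  Foxmail

  Thunderbird

  Evolution

  Mutt (text interface)

Webmail:

  Openwebmail (written in perl)

  squirrelmail (written in php)

  Extmail(Extman)

    EOS, CentOS

Postfix + SASL (courier-authlib) + MySQL (outgoing mail server, virtual users backed by mysql)

Dovecot + MySQL (mail retrieval, virtual users backed by mysql)

Extmail + Extman + httpd (webmail)

postfix: rpm (the package shipped by Red Hat does not support sasl authentication of virtual users)

www.postfix.org (the official postfix site)

smtps

pop3s

imaps

Plaintext transport: smtp --> SMTPS (not very practical)

pop3s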

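postfix configuration files:

  postfix is modular:

    master (core process): /etc/postfix/master.cf, the master process configuration file, controls the starting of the other processes;

    mail: /etc/postfix/main.cf, the main configuration file, configures all the other processes that actually implement the mail functions;

      parameter = value: the parameter must start at the very beginning of the line; a line that begins with whitespace is treated as a continuation of the previous line

postconf: configure postfix

  -d: show the default configuration

  -n: show the settings that have been changed

  -m: show the supported lookup table types

  -A: show the supported SASL client plug-in types

  -e PARAMETER=VALUE: change a parameter and save it to main.cf

How a message is sent from the client to the server:

Mail travels from the client (smtp) to the server (smtpd) over TCP, but like HTTP, SMTP has its own message format: header, start line, header fields, request body, response body. To send mail, SMTP also needs commands for the exchange between client and server. Once the three-way handshake is complete, the client starts making requests. First it checks whether the server is there by sending a hello message; if the server is online, it sends a reply. The client then begins sending the mail: it tells the server that it wants to send mail by issuing mail from, which states who the sender is. SMTP does not verify whether the sender is genuine. The server tells the client that the sender has been accepted and that the recipient can be given. The next step uses the rcpt to command to tell the server who the recipient is. Whether the recipient is local decides whether the mail has to be relayed: if the final recipient is a user on this server, the mail has reached its destination and no relay is needed; otherwise it has to be relayed. Open relay is very insecure, and practically all servers now have it turned off and relay only for the clients they have been configured to serve. If the recipient is not a user this server is responsible for but a user in another domain, and the client's source host is not one the server is allowed to relay for, the server refuses the recipient; otherwise it reports that the recipient has been accepted. The recipient is therefore crucial: it is what decides whether the mail is relayed, and this is why the vast majority of restrictions take effect at the recipient step. With the sender and the recipient in place, the body comes next. The data command tells the server that the message body follows. Many lines are sent, so how does the server know where the body ends? There must be a blank line, a line that contains nothing but a single dot (.), which marks the end of the body; the message can then be sent on. Finally the server tells the user that the mail has been accepted and is being sent on;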

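SMTP message primitives:

helo

mail from

rcpt to

data
.
SMTP status codes:

1xx: purely informational

2xx: success

3xx: the previous step is not finished and more input is needed

4xx: temporary error

5xx: permanent error

SMTP protocol commands:

  helo (SMTP)

  ehlo (ESMTP)

  mail from: (states who the sender is)

  rcpt to: (states who the recipient is)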
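
The exchange described above, as an added example (not part of the original notes): a Python model of the server side of one SMTP conversation that makes the relay decision at RCPT TO and ends the body at the lone dot. The class and function names, the reply texts (modelled on common MTA replies), the rule that the client must greet first, the authenticated flag and the 203.0.113.9 client are assumptions; the domain and networks are the ones used on this page.

```python
import ipaddress

MYDESTINATION = {"magedu.com", "mail.magedu.com", "localhost"}
MYNETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "127.0.0.0/8")]

# Constructed client dialogue: tom submits a message for a user in another domain.
DIALOGUE = [
    "HELO pc1.magedu.com",
    "MAIL FROM:<tom@magedu.com>",
    "RCPT TO:<jerry@a.org>",
    "DATA",
    "Subject: hi",
    "",
    "..leading dot",     # body line ".leading dot", dot-stuffed by the client
    ".",
    "QUIT",
]


def _addr(text):
    """Strip whitespace and the angle brackets around an address."""
    return text.strip().strip("<>")


class SmtpSession:
    """Server side of one conversation; feed() returns the reply to each line."""

    def __init__(self, client_ip, authenticated=False):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.authenticated = authenticated  # would be set by SASL; assumed here
        self.greeted = False
        self.in_data = False
        self.queued = []                    # accepted (sender, rcpts, body) tuples
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def _may_relay(self):
        return self.authenticated or any(self.client_ip in n for n in MYNETWORKS)

    def feed(self, line):
        if self.in_data:
            return self._data_line(line)
        upper = line.upper()
        if upper.startswith(("HELO ", "EHLO ")):
            self.greeted = True
            self._reset()
            return "250 mail.magedu.com"
        if upper == "QUIT":
            return "221 Bye"
        if not self.greeted:
            return "503 5.5.1 Error: send HELO/EHLO first"
        if upper.startswith("MAIL FROM:"):
            # The sender is recorded, not verified: SMTP takes the client's word.
            self.sender = _addr(line[10:])
            return "250 2.1.0 Ok"
        if upper.startswith("RCPT TO:"):
            if self.sender is None:
                return "503 5.5.1 Error: need MAIL command"
            rcpt = _addr(line[8:])
            domain = rcpt.rpartition("@")[2].lower()
            # Local recipient: final destination. Anything else is a relay and
            # is allowed only for trusted networks or authenticated clients.
            if domain not in MYDESTINATION and not self._may_relay():
                return "554 5.7.1 <%s>: Relay access denied" % rcpt
            self.recipients.append(rcpt)
            return "250 2.1.5 Ok"
        if upper == "DATA":
            if not self.recipients:
                return "503 5.5.1 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "502 5.5.2 Error: command not recognized"

    def _data_line(self, line):
        if line == ".":                     # a line with only a dot ends the body
            self.queued.append((self.sender, self.recipients, self.body))
            self.in_data = False
            self._reset()
            return "250 2.0.0 Ok: queued"
        # Undo dot-stuffing: the client doubles a leading dot in body lines.
        self.body.append(line[1:] if line.startswith(".") else line)
        return None                         # no reply while the body is streaming


def run_dialogue(client_ip, lines, authenticated=False):
    """Feed a client dialogue to a fresh session; return (replies, queued mail)."""
    session = SmtpSession(client_ip, authenticated)
    replies = [r for r in map(session.feed, lines) if r is not None]
    return replies, session.queued


if __name__ == "__main__":
    for ip in ("192.168.1.50", "203.0.113.9"):
        print(ip, run_dialogue(ip, DIALOGUE)[0])
```
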

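alias: mail aliases

abc@magedu.com: postmaster@magedu.com (all mail sent to abc@magedu.com is passed on to postmaster@magedu.com)

/etc/aliases --> hash --> /etc/aliases.db, the mail alias configuration file

# newaliases (hashes /etc/aliases into /etc/aliases.db)

By default postfix treats the network segment that the host's own IP address belongs to as the local network, and relays mail for it;

I. Preparation before installation:

Before installing: the mail service depends on DNS, so make sure your DNS service has already been configured for mail.

1. Install the required rpm packages, which include the following:

httpd, mysql, mysql-server, mysql-devel, openssl-devel, dovecot, perl-DBD-MySQL, tcl, tcl-devel, libart_lgpl, libart_lgpl-devel, libtool-ltdl, libtool-ltdl-devel, expect

2. Stop sendmail and disable its automatic start at boot:

# service sendmail stop

# chkconfig sendmail off

3. Install the following rpm package groups used for development:

Development Libraries

Development Tools

Method:

# yum groupinstall "package_group_name"

II. Start the required services:

1. Start the mysql database and set a password for the mysql root user:

# service mysqld start

# chkconfig mysqld on

# mysqladmin -uroot password 'your_password'

2. Start the saslauthd service and add it to the services started at boot:

# service saslauthd start

# chkconfig saslauthd on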

III. Install and configure postfix

# groupadd -g 2525 postfix

# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix

# groupadd -g 2526 postdrop (postdrop is mainly used for mail delivery)

# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

# tar zxvf postfix-2.9.3.tar.gz

# cd postfix-2.9.3

# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'

(CCARGS sets the compiler options and mainly tells the compiler where to find the header files. AUXLIBS lists the auxiliary libraries and tells the build where to find the extra library files. This is how postfix is told which features to enable: -DHAS_MYSQL enables MySQL connectivity, -I/usr/include/mysql is where the mysql header files are, -DUSE_SASL_AUTH enables sasl authentication, -I/usr/include/sasl is where the sasl header files are, and -DUSE_TLS makes postfix support TLS and therefore the smtps protocol. In AUXLIBS, -lmysqlclient links the mysql client library, -lz the compression library, -lm the math library, -lssl the ssl library and -lcrypto the cryptography library.)

# make

# make install

If MySQL was installed from the generic binary package under /usr/local/mysql, run make makefiles with these paths instead:

# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'


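Enter the paths at the prompts as shown below (the value in [] is the default, the value after "]" is what was entered; where nothing follows, the default is used)

  install_root: [/] / (the default install root; installing under / keeps configuration simple. Uninstalling is a little more work, but it makes the later scripts and the integration with other components easier to configure)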

  tempdir: [/root/postfix-2.9.3] /tmp/postfix

  config_directory: [/etc/postfix] /etc/postfix

  daemon_directory: [/usr/libexec/postfix]

  command_directory: [/usr/sbin]

  queue_directory: [/var/spool/postfix]

  sendmail_path: [/usr/sbin/sendmail]

  newaliases_path: [/usr/bin/newaliases]

  mailq_path: [/usr/bin/mailq]

  mail_owner: [postfix]

  setgid_group: [postdrop]

  html_directory: [no]/var/www/html/postfix

  manpages: [/usr/local/man]

  readme_directory: [no]

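Generate the binary alias file:

# newaliases

2. Do some basic configuration, then test that postfix starts and can send mail

# vim /etc/postfix/main.cf

Change the following items to the configuration you need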

myhostname = mail.magedu.com

myorigin = magedu.com

mydomain = magedu.com

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

mynetworks = 192.168.1.0/24, 127.0.0.0/8

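Explanation:

myorigin specifies the domain that senders appear to come from, i.e. sender address masquerading;

mydestination specifies the recipient domains postfix accepts mail for, i.e. the domains whose mail your postfix system receives;

myhostname specifies the host name of the machine running the postfix mail system; by default it is set to the local machine name;

mydomain specifies your domain name; by default postfix removes the first component of myhostname and uses the rest as the value of mydomain;

mynetworks specifies the network addresses of your own networks; postfix uses this value to tell remote users from local ones, and users on a local network are allowed access;

inet_interfaces specifies the network interfaces the postfix system listens on;

Notes:

1. In the postfix configuration files a parameter and a comment cannot share the same line;

2. Parameter values never need quotes; if quotes are used, they are treated as part of the value;

3. After changing a parameter or its value, run postfix reload to make it take effect; if inet_interfaces was changed, postfix has to be restarted;

4. If a parameter has several values, they can be placed on separate lines as long as each following line starts with a space; postfix treats a text line whose first character is a space or tab as a continuation of the previous line;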
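
These main.cf rules as an added example (not part of postfix or of the original notes): it reads a main.cf the way the notes above describe, expands $name references, and flags values that carry quotes or an inline comment and mynetworks ranges outside private or loopback space. The sample file, the function names and the choice of RFC 1918 plus loopback as "internal" are assumptions; only plain IPv4 CIDR entries in mynetworks are checked.

```python
import ipaddress
import re

# Constructed sample: the page's values plus three deliberate mistakes
# (quoted value, comment on a parameter line, a relay range covering everything).
SAMPLE_MAIN_CF = """\
# comment-only and blank lines are ignored
myhostname = mail.magedu.com
mydomain = magedu.com
myorigin = "magedu.com"
mydestination = $myhostname, localhost.$mydomain,
    localhost, ${mydomain}
mynetworks = 192.168.1.0/24, 127.0.0.0/8,
\t0.0.0.0/0
inet_interfaces = all   # listen everywhere
"""

# Ranges treated as internal for the relay check (assumption: RFC 1918 + loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

_VAR = re.compile(r"\$(?:\{(\w+)\}|(\w+))")


def parse_main_cf(text):
    """Return {parameter: value} using the main.cf line rules."""
    params, current = {}, None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                        # blank and comment-only lines
        if raw[0] in " \t":                 # leading whitespace: continuation
            if current is None:
                raise ValueError("continuation line before any parameter")
            params[current] += " " + stripped
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError("not a 'parameter = value' line: %r" % raw)
        current = name.strip()
        params[current] = value.strip()     # quotes and '#' text are kept as-is
    return params


def expand(params, value, depth=0):
    """Replace $name and ${name} with the named parameter's (expanded) value."""
    if depth > 10:
        raise ValueError("recursive $name reference")

    def repl(match):
        name = match.group(1) or match.group(2)
        return expand(params, params.get(name, ""), depth + 1)

    return _VAR.sub(repl, value)


def split_list(value):
    """Split a comma- or whitespace-separated parameter value into items."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def audit(params):
    """Return (parameter, problem) pairs for the mistakes described above."""
    findings = []
    for name, value in params.items():
        if '"' in value or "'" in value:
            findings.append((name, "quotes are part of the value"))
        if "#" in value:
            findings.append((name, "inline comment is part of the value"))
    for entry in split_list(expand(params, params.get("mynetworks", ""))):
        try:
            net = ipaddress.ip_network(entry, strict=False)
            if net.version != 4:
                raise ValueError(entry)
        except ValueError:
            findings.append(("mynetworks", "not checked: " + entry))
            continue
        # Every client inside a mynetworks range may relay without credentials.
        if not any(net.subnet_of(inner) for inner in INTERNAL):
            findings.append(("mynetworks", "relays for non-internal range %s" % net))
    return findings


if __name__ == "__main__":
    parsed = parse_main_cf(SAMPLE_MAIN_CF)
    print(split_list(expand(parsed, parsed["mydestination"])))
    for finding in audit(parsed):
        print(finding)
```
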

IV. Provide a SysV service script for postfix, /etc/rc.d/init.d/postfix, with the following content (everything before #END):

#!/bin/bash
#
# postfix Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#        that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6

RETVAL=0
prog="postfix"

start() {
  # Start daemons.
  echo -n $"Starting postfix: "
  /usr/bin/newaliases >/dev/null 2>&1
  /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
  RETVAL=$?
  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
  echo
  return $RETVAL
}

stop() {
  # Stop daemons.
  echo -n $"Shutting down postfix: "
  /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
  RETVAL=$?
  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
  echo
  return $RETVAL
}

reload() {
  echo -n $"Reloading postfix: "
  /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
  RETVAL=$?
  echo
  return $RETVAL
}

abort() {
  /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
  return $?
}

flush() {
  /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
  return $?
}

check() {
  /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
  return $?
}

restart() {
  stop
  start
}

# See how we were called.
case "$1" in
  start)
    start
  ;;
  stop)
    stop
  ;;
  restart)
    stop
    start
  ;;
  reload)
    reload
  ;;
  abort)
    abort
  ;;
  flush)
    flush
  ;;
  check)
    check
  ;;
  status)
    status master
  ;;
  condrestart)
    [ -f /var/lock/subsys/postfix ] && restart || :
  ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
    exit 1
esac

exit $?

# END

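Make the script executable:

# chmod +x /etc/rc.d/init.d/postfix

Add the postfix service to the service list:

# chkconfig --add postfix

Enable it at boot:

# chkconfig postfix on

Restart the service with this script to test that it runs correctly:

# service postfix restart

Mail can now be sent and received with local users as a test.

[root@localhost ~]# yum list all | grep mail (list everything in the yum repositories and pipe the result to grep to show only mail-related packages)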
Unable to read consumer identity
fetchmail.i386                          6.3.6-4.el5               installed     
mailcap.noarch                          2.1.23-1.fc6              installed     
mailx.i386                              8.1.1-44.2.2              installed     
procmail.i386                           3.22-17.1                 installed     
sendmail.i386                           8.13.8-8.1.el5_7          installed     
ant-javamail.i386                       1.6.5-2jpp.2              Server        
classpathx-mail.i386                    1.1.1-4jpp.2              Server        
classpathx-mail-javadoc.i386            1.1.1-4jpp.2              Server        
mailman.i386                            3:2.1.9-6.el5_6.1         Server        
sendmail-cf.i386                        8.13.8-8.1.el5_7          Server        
sendmail-devel.i386                     8.13.8-8.1.el5_7          Server        
sendmail-doc.i386                       8.13.8-8.1.el5_7          Server        
squirrelmail.noarch                     1.4.8-5.el5_4.10          Server        
system-switch-mail.noarch               0.5.25-13.el5             Server        
system-switch-mail-gnome.noarch         0.5.25-13.el5             Server     
[root@localhost ~]# yum list all | grep sasl (list everything in the yum repositories and pipe the result to grep to show only sasl-related packages)
Unable to read consumer identity
cyrus-sasl.i386                         2.1.22-5.el5_4.3          installed (core component, server side)
cyrus-sasl-devel.i386                   2.1.22-5.el5_4.3          installed     
cyrus-sasl-lib.i386                     2.1.22-5.el5_4.3          installed     
cyrus-sasl-plain.i386                   2.1.22-5.el5_4.3          installed     
cyrus-sasl-gssapi.i386                  2.1.22-5.el5_4.3          Server (authentication mechanisms)
cyrus-sasl-ldap.i386                    2.1.22-5.el5_4.3          Server        
cyrus-sasl-md5.i386                     2.1.22-5.el5_4.3          Server        
cyrus-sasl-ntlm.i386                    2.1.22-5.el5_4.3          Server        
cyrus-sasl-sql.i386                     2.1.22-5.el5_4.3          Server        
gnu-crypto-sasl-jdk1.4.i386             2.1.0-2jpp.1              Server  
[root@localhost ~]# netstat -tnlp (show listening services: -t TCP, -n numeric output, -l listening sockets, -p show the PID and program name)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3525/./hpiod        
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      10780/php-fpm       
tcp        0      0 0.0.0.0:879                 0.0.0.0:*                   LISTEN      3241/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3202/portmap        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3557/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3569/cupsd          
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      3776/sendmail       
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      5975/sshd           
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      6199/sshd           
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3530/python         
tcp        0      0 :::3306                     :::*                        LISTEN      3725/mysqld         
tcp        0      0 :::80                       :::*                        LISTEN      6432/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      3557/sshd           
tcp        0      0 ::1:6010                    :::*                        LISTEN      5975/sshd           
tcp        0      0 ::1:6011                    :::*                        LISTEN      6199/sshd      
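Note: port 25 is already being listened on, which means a mail server is already present. Normally a mail server is installed and started automatically along with the system: Red Hat 5.x installs sendmail by default and Red Hat 6.x installs postfix, because many automated tasks on the system report their results to the administrator through the mail server. Since we are not going to use sendmail, we can stop the service and uninstall it; otherwise we can only stop it, and renaming it also works;
[root@localhost ~]# service sendmail stop (stop the sendmail service)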
Shutting down sm-client:                                   [  OK  ]
Shutting down sendmail:                                    [  OK  ]
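[root@localhost ~]# chkconfig sendmail off (disable automatic start of sendmail at boot)
Note: if you are not uninstalling, you can stop at this step. Renaming is not really necessary either; postfix will simply overwrite it;
[root@localhost ~]# yum list all | grep sendmail (list everything in the yum repositories and show only sendmail-related packages)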
Unable to read consumer identity
sendmail.i386                           8.13.8-8.1.el5_7          installed     
sendmail-cf.i386                        8.13.8-8.1.el5_7          Server        
sendmail-devel.i386                     8.13.8-8.1.el5_7          Server        
sendmail-doc.i386                       8.13.8-8.1.el5_7          Server    
[root@localhost ~]# rpm -e sendmail (uninstall the sendmail rpm package)
error: Failed dependencies:
	/usr/sbin/sendmail is needed by (installed) redhat-lsb-4.0-2.1.4.el5.i386
	smtpdaemon is needed by (installed) mdadm-2.6.9-3.el5.i386
	smtpdaemon is needed by (installed) fetchmail-6.3.6-4.el5.i386
	smtpdaemon is needed by (installed) mutt-1.4.2.2-3.0.2.el5.i386
Note: this fails because other packages depend on sendmail;
[root@localhost ~]# rpm -e sendmail --nodeps (uninstall the sendmail rpm package; --nodeps skips the dependency check)
warning: /var/log/mail/statistics saved as /var/log/mail/statistics.rpmsave
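Installing postfix:
The postfix we install has to work together with MySQL to implement virtual users, so MySQL must be installed first; otherwise the compiled postfix cannot authenticate against MySQL. Most importantly, the MySQL header files and library files (the development environment) must be available. They are already installed here;
[root@localhost ~]# ls /usr/local/ (list files and subdirectories under /usr/local)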
apache  apr  apr-util  bin  etc  games  include  lib  libexec  mysql  mysql-5.6.10-linux-glibc2.5-i686  php  sbin  share  src
Note: mysql-5.6.10 is already installed;
[root@localhost ~]# lftp 172.16.0.1/pub/Sources (connect to the ftp server)
cd ok, cwd=/pub/Sources
lftp 172.16.0.1:/pub/Sources> cd postfix/ (change to the postfix directory)
lftp 172.16.0.1:/pub/Sources/postfix> get postfix-2.10.0.tar.gz (download postfix-2.10.0.tar.gz)
3826655 bytes transferred
lftp 172.16.0.1:/pub/Sources/postfix> bye (quit)
[root@localhost ~]# ls (list files and subdirectories in the current directory)
anaconda-ks.cfg         install.log                           mysql-5.6.10-linux-glibc2.5-i686.tar.gz
apr-1.4.6               install.log.syslog                    php-5.4.13
apr-1.4.6.tar.bz2       libmcrypt-2.5.7-5.el5.i386.rpm        php-5.4.13.tar.bz2
apr-util-1.4.1          libmcrypt-devel-2.5.7-5.el5.i386.rpm  phpMyAdmin-3.5.1-all-languages.tar.bz2
apr-util-1.4.1.tar.bz2  mbox                                  postfix-2.10.0.tar.gz
httpd-2.4.4             mhash-0.9.2-6.el5.i386.rpm            xcache-3.0.1
httpd-2.4.4.tar.bz2     mhash-devel-0.9.2-6.el5.i386.rpm      xcache-3.0.1.tar.bz2
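[root@localhost ~]# tar xf postfix-2.10.0.tar.gz (unpack postfix-2.10.0; x extracts, f is followed by the archive file)
[root@localhost ~]# cd postfix-2.10.0 (change to the postfix-2.10.0 directory)
[root@localhost postfix-2.10.0]# ls (list files and subdirectories in the current directory)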
AAAREADME             include         man                     RELEASE_NOTES-2.0  src
auxiliary             INSTALL         mantools                RELEASE_NOTES-2.1  TLS_ACKNOWLEDGEMENTS
bin                   IPv6-ChangeLog  pflogsumm_quickfix.txt  RELEASE_NOTES-2.2  TLS_CHANGES
COMPATIBILITY         lib             PORTING                 RELEASE_NOTES-2.3  TLS_LICENSE
conf                  libexec         postfix-install         RELEASE_NOTES-2.4  TLS_TODO
COPYRIGHT             LICENSE         proto                   RELEASE_NOTES-2.5  US_PATENT_6321267
examples              makedefs        README_FILES            RELEASE_NOTES-2.6
HISTORY               Makefile        RELEASE_NOTES           RELEASE_NOTES-2.7
html                  Makefile.in     RELEASE_NOTES-1.0       RELEASE_NOTES-2.8
implementation-notes  Makefile.init   RELEASE_NOTES-1.1       RELEASE_NOTES-2.9
Note: postfix is built in an unusual way. There is no configure script, so the usual configure, make, make install sequence cannot be used;
[root@localhost postfix-2.10.0]# less INSTALL (page through the INSTALL file)

    $ make makefiles CC=/opt/SUNWspro/bin/cc        (Solaris)
    $ make

    $ make makefiles CC="/opt/ansic/bin/cc -Ae"     (HP-UX)
    $ make

    $ make makefiles CC="purify cc"
    $ make

[root@localhost postfix-2.10.0]# groupadd -g 2525 postfix (add the group postfix; -g sets the group id to 2525)
Note: the gid and uid must be the same, and greater than 1000;
[root@localhost postfix-2.10.0]# useradd -g 2525 -u 2525 -M -s /sbin/nologin postfix (add the user postfix; -g sets the group to 2525, -u sets the uid, -M creates no home directory, -s sets the default shell)
[root@localhost postfix-2.10.0]# groupadd -g 2526 postdrop (add the group postdrop; -g sets the group id to 2526)
[root@localhost postfix-2.10.0]# useradd -g 2526 -u 2526 -M -s /sbin/nologin postdrop (add the user postdrop; -g sets the group to 2526, -u sets the uid, -M creates no home directory, -s sets the default shell)
[root@localhost postfix-2.10.0]# id postfix (show the postfix user's information)
uid=2525(postfix) gid=2525(postfix) groups=2525(postfix) context=root:system_r:unconfined_t:SystemLow-SystemHigh
[root@localhost postfix-2.10.0]# id postdrop (show the postdrop user's information)
uid=2526(postdrop) gid=2526(postdrop) groups=2526(postdrop) context=root:system_r:unconfined_t:SystemLow-SystemHigh
Configuring postfix:
If mysql was not installed from the generic binary package, take care not to get -I/usr/include/mysql wrong
[root@localhost postfix-2.10.0]# yum list all | grep sasl
Unable to read consumer identity
cyrus-sasl.i386                         2.1.22-5.el5_4.3          installed     
cyrus-sasl-devel.i386                   2.1.22-5.el5_4.3          installed     
cyrus-sasl-lib.i386                     2.1.22-5.el5_4.3          installed     
cyrus-sasl-plain.i386                   2.1.22-5.el5_4.3          installed     
cyrus-sasl-gssapi.i386                  2.1.22-5.el5_4.3          Server        
cyrus-sasl-ldap.i386                    2.1.22-5.el5_4.3          Server        
cyrus-sasl-md5.i386                     2.1.22-5.el5_4.3          Server        
cyrus-sasl-ntlm.i386                    2.1.22-5.el5_4.3          Server        
cyrus-sasl-sql.i386                     2.1.22-5.el5_4.3          Server        
gnu-crypto-sasl-jdk1.4.i386             2.1.0-2jpp.1              Server        
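Tip: make sure the SASL2 development files are installed (cyrus-sasl-devel.i386 is already installed here), and make sure cyrus-sasl-plain.i386 is installed too.
[root@localhost postfix-2.10.0]# rpm -ql cyrus-sasl-devel (list the files installed by the cyrus-sasl-devel package)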
/usr/bin/sasl2-sample-client
/usr/bin/sasl2-sample-server
/usr/include/sasl (SASL header directory)
/usr/include/sasl/hmac-md5.h
/usr/include/sasl/md5.h
/usr/include/sasl/md5global.h
/usr/include/sasl/prop.h
/usr/include/sasl/sasl.h
/usr/include/sasl/saslplug.h
/usr/include/sasl/saslutil.h
/usr/lib/libsasl2.a (SASL library directory)
/usr/lib/libsasl2.so
/usr/sbin/sasl2-shared-mechlist
/usr/sbin/sasl2-static-mechlist
/usr/share/doc/cyrus-sasl-devel-2.1.22
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-burdis-cat-srp-sasl-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-anon-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-crammd5-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-gssapi-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-plain-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-rfc2222bis-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-rfc2831bis-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-ietf-sasl-saslprep-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-murchison-sasl-login-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-newman-sasl-c-api-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/draft-newman-sasl-passdss-xx.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc1321.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc1939.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2104.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2195.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2222.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2243.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2245.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2289.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2444.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2595.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2831.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc2945.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/rfc3174.txt
/usr/share/doc/cyrus-sasl-devel-2.1.22/testing.txt
/usr/share/man/man3/sasl.3.gz
/usr/share/man/man3/sasl_authorize_t.3.gz
/usr/share/man/man3/sasl_auxprop.3.gz
/usr/share/man/man3/sasl_auxprop_getctx.3.gz
/usr/share/man/man3/sasl_auxprop_request.3.gz
/usr/share/man/man3/sasl_callbacks.3.gz
/usr/share/man/man3/sasl_canon_user_t.3.gz
/usr/share/man/man3/sasl_chalprompt_t.3.gz
/usr/share/man/man3/sasl_checkapop.3.gz
/usr/share/man/man3/sasl_checkpass.3.gz
/usr/share/man/man3/sasl_client_init.3.gz
/usr/share/man/man3/sasl_client_new.3.gz
/usr/share/man/man3/sasl_client_start.3.gz
/usr/share/man/man3/sasl_client_step.3.gz
/usr/share/man/man3/sasl_decode.3.gz
/usr/share/man/man3/sasl_dispose.3.gz
/usr/share/man/man3/sasl_done.3.gz
/usr/share/man/man3/sasl_encode.3.gz
/usr/share/man/man3/sasl_encodev.3.gz
/usr/share/man/man3/sasl_errdetail.3.gz
/usr/share/man/man3/sasl_errors.3.gz
/usr/share/man/man3/sasl_errstring.3.gz
/usr/share/man/man3/sasl_getconfpath_t.3.gz
/usr/share/man/man3/sasl_getopt_t.3.gz
/usr/share/man/man3/sasl_getpath_t.3.gz
/usr/share/man/man3/sasl_getprop.3.gz
/usr/share/man/man3/sasl_getrealm_t.3.gz
/usr/share/man/man3/sasl_getsecret_t.3.gz
/usr/share/man/man3/sasl_getsimple_t.3.gz
/usr/share/man/man3/sasl_global_listmech.3.gz
/usr/share/man/man3/sasl_idle.3.gz
/usr/share/man/man3/sasl_listmech.3.gz
/usr/share/man/man3/sasl_log_t.3.gz
/usr/share/man/man3/sasl_server_init.3.gz
/usr/share/man/man3/sasl_server_new.3.gz
/usr/share/man/man3/sasl_server_start.3.gz
/usr/share/man/man3/sasl_server_step.3.gz
/usr/share/man/man3/sasl_server_userdb_checkpass_t.3.gz
/usr/share/man/man3/sasl_server_userdb_setpass_t.3.gz
/usr/share/man/man3/sasl_setpass.3.gz
/usr/share/man/man3/sasl_setprop.3.gz
/usr/share/man/man3/sasl_user_exists.3.gz
/usr/share/man/man3/sasl_verifyfile_t.3.gz
[root@localhost postfix-2.10.0]# cd /usr/lib/sa
samba/ sane/  sasl2/ 
[root@localhost postfix-2.10.0]# cd /usr/lib/sasl2/ (change to the /usr/lib/sasl2 directory)
[root@localhost sasl2]# ls
libanonymous.la         liblogin.la         libplain.la         libsasldb.la
libanonymous.so         liblogin.so         libplain.so         libsasldb.so
libanonymous.so.2       liblogin.so.2       libplain.so.2       libsasldb.so.2
libanonymous.so.2.0.22  liblogin.so.2.0.22  libplain.so.2.0.22  libsasldb.so.2.0.22
[root@localhost sasl2]# ll (long listing of the files and subdirectories in the current directory)
total 1016
-rwxr-xr-x 1 root root    884 Mar  6  2010 libanonymous.la
lrwxrwxrwx 1 root root     22 Nov 22  2014 libanonymous.so -> libanonymous.so.2.0.22
lrwxrwxrwx 1 root root     22 Nov 22  2014 libanonymous.so.2 -> libanonymous.so.2.0.22
-rwxr-xr-x 1 root root  14372 Mar  6  2010 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root    856 Mar  6  2010 liblogin.la
lrwxrwxrwx 1 root root     18 Nov 22  2014 liblogin.so -> liblogin.so.2.0.22
lrwxrwxrwx 1 root root     18 Nov 22  2014 liblogin.so.2 -> liblogin.so.2.0.22
-rwxr-xr-x 1 root root  14752 Mar  6  2010 liblogin.so.2.0.22
-rwxr-xr-x 1 root root    856 Mar  6  2010 libplain.la
lrwxrwxrwx 1 root root     18 Nov 22  2014 libplain.so -> libplain.so.2.0.22
lrwxrwxrwx 1 root root     18 Nov 22  2014 libplain.so.2 -> libplain.so.2.0.22
-rwxr-xr-x 1 root root  14848 Mar  6  2010 libplain.so.2.0.22
-rwxr-xr-x 1 root root    930 Mar  6  2010 libsasldb.la
lrwxrwxrwx 1 root root     19 Nov 22  2014 libsasldb.so -> libsasldb.so.2.0.22
lrwxrwxrwx 1 root root     19 Nov 22  2014 libsasldb.so.2 -> libsasldb.so.2.0.22
-rwxr-xr-x 1 root root 905200 Mar  6  2010 libsasldb.so.2.0.22
[root@localhost sasl2]# cd .. (go up one directory)
[root@localhost lib]# cd /root/postfix-2.10.0 (change to the /root/postfix-2.10.0 directory)
[root@localhost postfix-2.10.0]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2  -lssl -lcrypto' (configure the Postfix build)
[root@localhost postfix-2.10.0]# make (compile)
[root@localhost postfix-2.10.0]# cp /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib (copy libmysqlclient.so.18 into /usr/lib)
[root@localhost postfix-2.10.0]# make install (install)

Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/] (where to install)

Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/root/postfix-2.10.0] /tmp/postfix (directory for temporary files)

Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix] (configuration file directory)

Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin] (command directory)

Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix] (server daemon programs)

Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix] (where Postfix stores files it can write, such as random numbers generated when encrypting users' mail)

Please specify the final destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no] (documentation served as HTML manual pages)

Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix] (account the mail server runs as)

Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq] (mail queue listing program)

Please specify the final destination directory for the Postfix on-line
manual pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man] (where the manual pages are installed)

Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases] (builds the alias database)

Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix] (mail queue location)

Please specify the final destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no] (README documentation)

Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail] (sendmail is the SMTP client here, compatible with the Sendmail server's command)

Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop] 

[root@localhost postfix-2.10.0]# cd (change to the user's home directory)
[root@localhost ~]# postfix start (start the Postfix service)
postfix/postfix-script: starting the Postfix mail system
[root@localhost ~]# netstat -tnlp (list listening services: -t TCP, -n numeric output, -l listening sockets, -p owning PID/program name)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3525/./hpiod        
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      10780/php-fpm       
tcp        0      0 0.0.0.0:879                 0.0.0.0:*                   LISTEN      3241/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3202/portmap        
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3557/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3569/cupsd          
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      30102/master        
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      25039/sshd          
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3530/python         
tcp        0      0 :::3306                     :::*                        LISTEN      3725/mysqld         
tcp        0      0 :::80                       :::*                        LISTEN      6432/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      3557/sshd           
tcp        0      0 ::1:6010                    :::*                        LISTEN      25039/sshd 
Tip: Postfix is listening on port 25.
[root@localhost ~]# tail /var/log/maillog (show the last 10 lines of the maillog log file)
Sep 30 19:16:53 localhost sendmail[11000]: t8UBGrRr011000: from=root, size=1064, class=0, nrcpts=1, msgid=<201509301116.t8UBGrRr011000@localhost.localdomain>, relay=root@localhost
Sep 30 19:16:53 localhost sendmail[11002]: t8UBGrY0011002: from=<root@localhost.localdomain>, size=1344, class=0, nrcpts=1, msgid=<201509301116.t8UBGrRr011000@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Sep 30 19:16:53 localhost sendmail[11000]: t8UBGrRr011000: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31064, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t8UBGrY0011002 Message accepted for delivery)
Sep 30 19:16:54 localhost sendmail[11003]: t8UBGrY0011002: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=31578, dsn=2.0.0, stat=Sent
Oct  1 04:02:03 localhost sendmail[4895]: t8UK22Hk004895: from=root, size=2763, class=0, nrcpts=1, msgid=<201509302002.t8UK22Hk004895@localhost.localdomain>, relay=root@localhost
Oct  1 04:02:03 localhost sendmail[5175]: t8UK23WJ005175: from=<root@localhost.localdomain>, size=3041, class=0, nrcpts=1, msgid=<201509302002.t8UK22Hk004895@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct  1 04:02:03 localhost sendmail[4895]: t8UK22Hk004895: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=32763, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t8UK23WJ005175 Message accepted for delivery)
Oct  1 04:02:03 localhost sendmail[5176]: t8UK23WJ005175: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=33274, dsn=2.0.0, stat=Sent
Oct  1 08:38:47 localhost postfix/postfix-script[30100]: starting the Postfix mail system (Postfix starting)
Oct  1 08:38:47 localhost postfix/master[30102]: daemon started -- version 2.10.0, configuration /etc/postfix (version 2.10.0; configuration files in /etc/postfix)
Tip: everything Postfix logs during initialization and after startup goes to /var/log/maillog.
[root@localhost ~]# cd /etc/postfix/ (change to the /etc/postfix directory)
[root@localhost postfix]# cat master.cf (show the contents of master.cf)
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd (specifies which child processes to start)
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
#submission inet n       -       n       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       n       -       -       qmqpd
pickup    unix  n       -       n       60      1       pickup (pickup process)
cleanup   unix  n       -       n       -       0       cleanup (cleanup process)
qmgr      unix  n       -       n       300     1       qmgr (queue manager)
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite (address rewriting)
bounce    unix  -       -       n       -       0       bounce (bounces)
defer     unix  -       -       n       -       0       bounce (deferred-delivery queue manager)
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify (verifier)
flush     unix  n       -       n       1000?   0       flush (flusher)
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop  unix  -       n       n       -       -       pipe
#  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp      unix  -       n       n       -       -       pipe
#  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail    unix  -       n       n       -       -       pipe
#  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp     unix  -       n       n       -       -       pipe
#  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix -       n       n       -       2       pipe
#  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
#  ${nexthop} ${user} ${extension}
#
#mailman   unix  -       n       n       -       -       pipe
#  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
#  ${nexthop} ${user}
[root@localhost postfix]# cat main.cf (show the contents of the main configuration file, main.cf)
[root@localhost postfix]# cat main.cf | wc -l (pipe main.cf through wc -l to count its lines)
657
[root@localhost postfix]# vim main.cf (edit the main configuration file, main.cf)

#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain (continuation of the previous parameter line)

[root@localhost postfix]# postconf -h (show postconf help information)
[root@localhost postfix]# man postconf (read the postconf man page)

       postconf - Postfix configuration utility (command-line tool for configuring Postfix)

       -d     Print  main.cf  default  parameter  settings  instead  of actual settings.
              Specify -df to fold long lines for  human  readability  (Postfix  2.9  and
              later). (show the default settings for main.cf parameters)

[root@localhost postfix]# postconf -d (show the default main.cf parameter settings)
[root@localhost postfix]# postconf -n (show the main.cf parameters that have been changed)
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
[root@localhost postfix]# man postconf (read the postconf man page)

       -m     List the names of all supported lookup table types. In Postfix  configura-
              tion files, lookup tables are specified as type:name, where type is one of
              the types listed below. The table name syntax depends on the lookup  table
              type as described in the DATABASE_README document. (list all lookup table types)

[root@localhost postfix]# postconf -m (list all lookup table types)
btree
cidr
environ
fail
hash
internal
memcache
mysql
nis
pcre
proxy
regexp
socketmap
static
tcp
texthash
unix

[root@localhost postfix]# man postconf (read the postconf man page)

       -A     List the available SASL client plug-in types.  The SASL  plug-in  type  is
              selected  with  the smtp_sasl_type or lmtp_sasl_type configuration parame-
              ters by specifying one of the names listed below.

              cyrus  This client plug-in is available when Postfix is built  with  Cyrus
                     SASL support.

              This feature is available with Postfix 2.3 and later. (list the SASL client plug-in types this host supports, i.e. which SASL services it can authenticate through)

[root@localhost postfix]# postconf -A (list the SASL client plug-in types this host supports)
cyrus
[root@localhost postfix]# man postconf (read the postconf man page)

       -e     Edit  the  main.cf  configuration file, and update parameter settings with
              the "name=value" pairs on the postconf(1) command line. The file is copied
              to  a  temporary  file then renamed into place.  Specify quotes to protect
              special characters and whitespace on the postconf(1) command line. (edit main.cf directly, updating its parameters to the values you need)

[root@localhost postfix]# cd (change to the user's home directory)
[root@localhost ~]# telnet localhost 25 (connect to port 25 on the local host)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix (220 means the connection succeeded)
helo localhost (send a HELO greeting to the server over SMTP)
250 localhost.localdomain
ehlo localhost (send an EHLO greeting to the server over ESMTP)
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root (set the sender to root)
250 2.1.0 Ok
mail from: obama@whitehouse.com (set the sender to obama@whitehouse.com)
503 5.5.1 Error: nested MAIL command
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@localhost ~]# useradd openstack (add the user openstack)
[root@localhost ~]# useradd hadoop (add the user hadoop)
[root@localhost ~]# useradd tomcat (add the user tomcat)
[root@localhost ~]# telnet localhost 25 (connect to the SMTP server)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
ehlo localhost (send an EHLO greeting to the server over ESMTP)
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
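mail from:obama@whitehouse.com (set the sender)
250 2.1.0 Ok
rcpt to:openstack (recipient)
451 4.3.0 <openstack>: Temporary lookup failure (temporary lookup error; the openstack user may not have been fully set up yet)
data (message body)
554 5.5.1 Error: no valid recipients
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
Tip: which domain does this host belong to? It has none. A mail server depends on DNS, because MX records have to be resolved, so deploying the mail server first is the wrong order: deploy DNS first and give the host a domain name with an MX record. The mail server must also have an A record and a PTR record. On the Internet, a mail server whose A record has no matching PTR is treated as a spam server, so reverse resolution must work. Here we only send mail on the local host, so it does not matter, because no other domain is involved.
[root@localhost ~]# tail /var/log/maillog (show the last 10 lines of the maillog log file)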
Oct  1 10:46:14 localhost postfix/smtpd[31184]: connect from localhost.localdomain[127.0.0.1]
Oct  1 10:52:24 localhost postfix/smtpd[31184]: timeout after MAIL from localhost.localdomain[127.0.0.1]
Oct  1 10:52:24 localhost postfix/smtpd[31184]: disconnect from localhost.localdomain[127.0.0.1]
Oct  1 10:54:42 localhost postfix/smtpd[31277]: error: open database /etc/aliases.db: No such file or directory
Oct  1 10:54:42 localhost postfix/smtpd[31277]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 10:54:42 localhost postfix/smtpd[31277]: connect from localhost.localdomain[127.0.0.1]
Oct  1 10:55:29 localhost postfix/smtpd[31277]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory (cannot open the /etc/aliases file; mail aliases)
Oct  1 10:55:29 localhost postfix/smtpd[31277]: warning: hash:/etc/aliases lookup error for "openstack@localhost.localdomain"
Oct  1 10:55:29 localhost postfix/smtpd[31277]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 <openstack>: Temporary lookup failure; from=<obama@whitehouse.com> to=<openstack> proto=ESMTP helo=<localhost>
Oct  1 10:57:18 localhost postfix/smtpd[31277]: disconnect from localhost.localdomain[127.0.0.1]
[root@localhost ~]# newaliases (hash /etc/aliases into /etc/aliases.db)
[root@localhost ~]# ls /etc | grep alias (list /etc and show only the entries matching alias)
aliases
aliases.db
[root@localhost ~]# postfix stop (stop the Postfix service)
postfix/postfix-script: stopping the Postfix mail system
[root@localhost ~]# postfix start (start the Postfix service)
postfix/postfix-script: starting the Postfix mail system
[root@localhost ~]# tail /var/log/maillog (show the last 10 lines of the maillog log file)
Oct  1 10:54:42 localhost postfix/smtpd[31277]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 10:54:42 localhost postfix/smtpd[31277]: connect from localhost.localdomain[127.0.0.1]
Oct  1 10:55:29 localhost postfix/smtpd[31277]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory
Oct  1 10:55:29 localhost postfix/smtpd[31277]: warning: hash:/etc/aliases lookup error for "openstack@localhost.localdomain"
Oct  1 10:55:29 localhost postfix/smtpd[31277]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 <openstack>: Temporary lookup failure; from=<obama@whitehouse.com> to=<openstack> proto=ESMTP helo=<localhost>
Oct  1 10:57:18 localhost postfix/smtpd[31277]: disconnect from localhost.localdomain[127.0.0.1]
Oct  1 12:49:27 localhost postfix/postfix-script[31771]: stopping the Postfix mail system
Oct  1 12:49:27 localhost postfix/master[30102]: terminating on signal 15
Oct  1 12:49:35 localhost postfix/postfix-script[31842]: starting the Postfix mail system
Oct  1 12:49:35 localhost postfix/master[31844]: daemon started -- version 2.10.0, configuration /etc/postfix
[root@localhost ~]# telnet localhost 25 (connect to port 25 on the local host)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
helo localhost (send a HELO greeting to the server over SMTP)
250 localhost.localdomain
mail from:obama@w.com (sender)
250 2.1.0 Ok
rcpt to:openstack (recipient)
250 2.1.5 Ok
data (message body)
354 End data with <CR><LF>.<CR><LF>
Subject:How are you these days? (subject)
Are you guale ma? (body)
. (send the message)
250 2.0.0 Ok: queued as 55FCEBEEC2 (message queued)
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@localhost ~]# tail /var/log/maillog 
Oct  1 12:49:35 localhost postfix/master[31844]: daemon started -- version 2.10.0, configuration /etc/postfix
Oct  1 13:22:53 localhost postfix/smtpd[31995]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 13:22:53 localhost postfix/smtpd[31995]: connect from localhost.localdomain[127.0.0.1]
Oct  1 13:24:00 localhost postfix/smtpd[31995]: 55FCEBEEC2: client=localhost.localdomain[127.0.0.1]
Oct  1 13:25:16 localhost postfix/cleanup[31998]: 55FCEBEEC2: message-id=<20151001052400.55FCEBEEC2@localhost.localdomain>
Oct  1 13:25:16 localhost postfix/qmgr[31845]: 55FCEBEEC2: from=<obama@w.com>, size=361, nrcpt=1 (queue active) (sender)
Oct  1 13:25:16 localhost postfix/local[32001]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 13:25:16 localhost postfix/local[32001]: 55FCEBEEC2: to=<openstack@localhost.localdomain>, orig_to=<openstack>, relay=local, delay=97, delays=97/0.09/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox) (recipient; status=sent means the message has gone out: delivered to mailbox)
Oct  1 13:25:16 localhost postfix/qmgr[31845]: 55FCEBEEC2: removed
Oct  1 13:25:43 localhost postfix/smtpd[31995]: disconnect from localhost.localdomain[127.0.0.1]
[root@localhost ~]# su - openstack (switch to the openstack user)
[openstack@localhost ~]$ mail (read mail)
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/openstack": 1 message 1 new
>N  1 obama@w.com           Thu Oct  1 13:25  14/494   "How are you these days?" (message subject)
& 
& 1 (read the first message)
Message 1:
From obama@w.com  Thu Oct  1 13:25:16 2015
X-Original-To: openstack
Delivered-To: openstack@localhost.localdomain
Subject:How are you these days?
Date: Thu,  1 Oct 2015 13:23:39 +0800 (CST)
From: obama@w.com

Are you guale ma? (message body)

& quit (exit)
Saved 1 message in mbox

[root@localhost ~]# telnet localhost 25 (connect to port 25 on the local host)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
helo localhost (send a HELO greeting to the server over SMTP)
250 localhost.localdomain
mail from:a@yahoo.com (sender)
250 2.1.0 Ok
rcpt to:jerry@qq.com (recipient)
250 2.1.5 Ok
data (message body)
354 End data with <CR><LF>.<CR><LF>
hello
. (send)
250 2.0.0 Ok: queued as AB716BEEC2
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@localhost ~]# tail /var/log/maillog (show the last 10 lines of the maillog log file)
Oct  1 13:38:22 localhost postfix/qmgr[31845]: AB716BEEC2: from=<a@yahoo.com>, size=319, nrcpt=1 (queue active)
Oct  1 13:38:25 localhost postfix/smtpd[32117]: disconnect from localhost.localdomain[127.0.0.1]
Oct  1 13:38:26 localhost postfix/smtp[32123]: AB716BEEC2: to=<jerry@qq.com>, relay=mx3.qq.com[183.57.48.35]:25, delay=31, delays=27/0.1/0.19/3.8, dsn=5.0.0, status=bounced (host mx3.qq.com[183.57.48.35] said: 550 Mail content denied. http://service.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 (in reply to end of DATA command))
Oct  1 13:38:26 localhost postfix/cleanup[32122]: E6B18BEEC7: message-id=<20151001053826.E6B18BEEC7@localhost.localdomain>
Oct  1 13:38:26 localhost postfix/qmgr[31845]: E6B18BEEC7: from=<>, size=2353, nrcpt=1 (queue active)
Oct  1 13:38:26 localhost postfix/bounce[32124]: AB716BEEC2: sender non-delivery notification: E6B18BEEC7
Oct  1 13:38:26 localhost postfix/qmgr[31845]: AB716BEEC2: removed
Oct  1 13:38:28 localhost postfix/smtp[32123]: E6B18BEEC7: to=<a@yahoo.com>, relay=mta7.am0.yahoodns.net[98.136.217.203]:25, delay=1.4, delays=0.03/0/0.92/0.44, dsn=5.7.1, status=bounced (host mta7.am0.yahoodns.net[98.136.217.203] said: 553 5.7.1 [BL21] Connections will not be accepted from 222.90.91.213, because the ip is in Spamhaus's list; see https://help.yahoo.com/kb/postmaster/SLN5070.html (in reply to MAIL FROM command))
Oct  1 13:38:28 localhost postfix/smtp[32123]: E6B18BEEC7: lost connection with mta7.am0.yahoodns.net[98.136.217.203] while sending RCPT TO
Oct  1 13:38:28 localhost postfix/qmgr[31845]: E6B18BEEC7: removed
[root@localhost ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to 172.16.100.1 (172.16.100.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
helo localhost(通过smtp协议向服务器发送hello信息)
250 localhost.localdomain
mail from:a@a.org(发件人)
250 2.1.0 Ok
rcpt to:jerry@qq.com(收件人)
250 2.1.5 Ok
data(正文)
354 End data with <CR><LF>.<CR><LF>
hello
.(发送)
250 2.0.0 Ok: queued as 3185BBEEC2
quit(退出)
221 2.0.0 Bye
Connection closed by foreign host.
[root@localhost ~]# tail /var/log/maillog (show the last 10 lines of the maillog file)
Oct  1 13:44:49 localhost postfix/cleanup[32174]: 3185BBEEC2: message-id=<20151001054442.3185BBEEC2@localhost.localdomain>
Oct  1 13:44:49 localhost postfix/qmgr[31845]: 3185BBEEC2: from=<a@a.org>, size=304, nrcpt=1 (queue active)
Oct  1 13:44:50 localhost postfix/smtp[32175]: 3185BBEEC2: to=<jerry@qq.com>, relay=mx3.qq.com[183.57.48.35]:25, delay=19, 
delays=18/0.04/0.14/1.1, dsn=5.0.0, status=bounced (host mx3.qq.com[183.57.48.35] said: 550 Mail content denied. http://serv
ice.mail.qq.com/cgi-bin/help?subtype=1&&id=20022&&no=1000726 (in reply to end of DATA command)) (recipient)
Oct  1 13:44:50 localhost postfix/cleanup[32174]: 5FFB0BEEC7: message-id=<20151001054450.5FFB0BEEC7@localhost.localdomain>
Oct  1 13:44:50 localhost postfix/qmgr[31845]: 5FFB0BEEC7: from=<>, size=2326, nrcpt=1 (queue active)
Oct  1 13:44:50 localhost postfix/bounce[32176]: 3185BBEEC2: sender non-delivery notification: 5FFB0BEEC7
Oct  1 13:44:50 localhost postfix/qmgr[31845]: 3185BBEEC2: removed
Oct  1 13:44:52 localhost postfix/smtpd[32169]: disconnect from unknown[172.16.100.1]
Oct  1 13:45:20 localhost postfix/smtp[32175]: connect to a.org[50.63.46.1]:25: Connection refused
Oct  1 13:45:20 localhost postfix/smtp[32175]: 5FFB0BEEC7: to=<a@a.org>, relay=none, delay=30, delays=0.01/0/30/0, dsn=4.4.1, 
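status=deferred (connect to a.org[50.63.46.1]:25: Connection refused) (connection refused)
Note: any client on the local machine is allowed to relay;
Using Windows as the client, connect to the SMTP server through Xshell 5;
[c:\~]$ telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)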


Connecting to 172.16.100.1:25...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
220 localhost.localdomain ESMTP Postfix
helo localhost (send the SMTP hello greeting to the server)
250 localhost.localdomain
mail from:a@a.org (sender)
250 2.1.0 Ok
rcpt to:c@c.org (recipient)
250 2.1.5 Ok
data (message body follows)
354 End data with <CR><LF>.<CR><LF>
helo
. (end of message; send)
250 2.0.0 Ok: queued as C82FCBEECA
quit (close the session)
221 2.0.0 Bye
[root@localhost ~]# tail /var/log/maillog (show the last 10 lines of the maillog file)
Oct  1 13:52:40 localhost postfix/qmgr[31845]: C82FCBEECA: from=<a@a.org>, size=177, nrcpt=1 (queue active)
Oct  1 13:52:44 localhost postfix/smtpd[32190]: disconnect from unknown[172.16.100.254]
Oct  1 13:53:06 localhost postfix/smtp[32196]: connect to c.org[54.231.13.220]:25: Connection refused
Oct  1 13:53:06 localhost postfix/smtp[32196]: C82FCBEECA: to=<c@c.org>, relay=none, delay=84, delays=58/0.01/26/0, dsn=4.4.1, 
status=deferred (connect to c.org[54.231.13.220]:25: Connection refused)
Oct  1 13:54:35 localhost postfix/qmgr[31845]: 5FFB0BEEC7: from=<>, size=2326, nrcpt=1 (queue active)
Oct  1 13:55:02 localhost postfix/smtp[32196]: connect to a.org[50.63.46.1]:25: Connection refused
Oct  1 13:55:02 localhost postfix/smtp[32196]: 5FFB0BEEC7: to=<a@a.org>, relay=none, delay=612, delays=585/0.02/26/0, dsn=4.4.1, 
status=deferred (connect to a.org[50.63.46.1]:25: Connection refused)
Oct  1 13:59:35 localhost postfix/qmgr[31845]: C82FCBEECA: from=<a@a.org>, size=177, nrcpt=1 (queue active) (sender)
Oct  1 14:00:03 localhost postfix/smtp[32242]: connect to c.org[54.231.18.140]:25: Connection refused
Oct  1 14:00:03 localhost postfix/smtp[32242]: C82FCBEECA: to=<c@c.org>, relay=none, delay=500, delays=472/0.01/28/0, dsn=4.4.1, 
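status=deferred (connect to c.org[54.231.18.140]:25: Connection refused) (recipient; the message was sent on for delivery. By default postfix treats every address in
the subnets of this host's own IP addresses as a local client, and all local clients are allowed to relay; this is the default configuration)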
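The maillog excerpts above can be checked for third-party relaying mechanically. The following is an added example, not part of the original notes: it joins wrapped records, groups them by queue ID and reports messages whose sender and recipient are both outside the local domains. The sample log is constructed; the local domain set and the `client=` record (logged by postfix/smtpd when it accepts a message, but outside the 10-line tail shown here) are assumptions.

```python
import re

# Constructed sample in the format of the maillog excerpts above, using
# documentation domains and addresses. The third record is wrapped mid-word,
# the way long records are wrapped on this page.
SAMPLE_LOG = """\
Oct  1 13:52:31 mail postfix/smtpd[32190]: C82FCBEECA: client=unknown[192.0.2.254]
Oct  1 13:52:40 mail postfix/qmgr[31845]: C82FCBEECA: from=<a@example.org>, size=177, nrcpt=1 (queue active)
Oct  1 13:53:06 mail postfix/smtp[32196]: C82FCBEECA: to=<c@example.net>, relay=none, delay=84, dsn=4.4.1, stat
us=deferred (connect to example.net[198.51.100.20]:25: Connection refused)
Oct  1 13:54:35 mail postfix/qmgr[31845]: 5FFB0BEEC7: from=<>, size=2326, nrcpt=1 (queue active)
Oct  1 13:55:02 mail postfix/smtp[32196]: 5FFB0BEEC7: to=<a@example.org>, relay=none, delay=612, dsn=4.4.1, status=deferred (connect to example.org[198.51.100.30]:25: Connection refused)
Oct  1 14:01:10 mail postfix/smtpd[32250]: 7D1E0BEED1: client=localhost[127.0.0.1]
Oct  1 14:01:10 mail postfix/qmgr[31845]: 7D1E0BEED1: from=<tom@magedu.com>, size=310, nrcpt=1 (queue active)
Oct  1 14:01:12 mail postfix/smtp[32251]: 7D1E0BEED1: to=<jerry@example.net>, relay=mx.example.net[198.51.100.20]:25, delay=2, dsn=2.0.0, status=sent (250 ok status=fake)
Oct  1 14:01:12 mail postfix/qmgr[31845]: 7D1E0BEED1: removed
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
RECORD = re.compile(r"^.{15} \S+ postfix/([\w-]+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
FIELD = re.compile(r"\b(client|from|to|relay|dsn|status)=(<[^>]*>|[^,\s]+)")


def join_wrapped(text):
    """Glue lines that do not start with a syslog timestamp onto the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += line
    return records


def parse_maillog(text):
    """Return {queue_id: {"client", "sender", "deliveries"}} for records carrying a queue ID."""
    messages = {}
    for record in join_wrapped(text):
        m = RECORD.match(record)
        if not m:
            continue  # connect/disconnect lines have no queue ID
        qid, rest = m.group(2), m.group(3)
        fields = {}
        for key, value in FIELD.findall(rest):
            # Keep the first occurrence only: the text in parentheses after
            # status= is the remote server's reply and must not override fields.
            fields.setdefault(key, value.strip("<>"))
        msg = messages.setdefault(qid, {"client": None, "sender": None, "deliveries": []})
        if "client" in fields:
            msg["client"] = fields["client"]
        elif "to" in fields and "status" in fields:
            msg["deliveries"].append(
                (fields["to"], fields["status"], fields.get("dsn"), fields.get("relay")))
        elif "from" in fields:
            msg["sender"] = fields["from"]
    return messages


def domain(addr):
    return addr.rpartition("@")[2].lower()


def third_party_relays(messages, local_domains):
    """Messages accepted for relay where neither sender nor recipient is local."""
    hits = []
    for qid, msg in sorted(messages.items()):
        sender = msg["sender"]
        if not sender or domain(sender) in local_domains:
            continue  # bounce (null sender) or mail from our own users
        foreign = sorted({to for to, *_ in msg["deliveries"]
                          if domain(to) not in local_domains})
        if foreign:
            hits.append((qid, msg["client"], sender, foreign))
    return hits


if __name__ == "__main__":
    for hit in third_party_relays(parse_maillog(SAMPLE_LOG), {"magedu.com"}):
        print("relayed for a third party:", hit)
```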

SMTP --> SMTPS

ESMTP

POP3: Post Office Protocol

IMAP4: Internet Mail Access Protocol

SASL: Simple Authentication and Security Layer

  v1, v2

MDA: Mail Delivery Agent

  procmail, maildrop

MUA: Mail User Agent

  mutt, mail

tom@a.org --> c.com(MX) --> jerry@b.net (mail.b.net)

Mail Relay:

MTA: sendmail, qmail, postfix, exim

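postfix: modular design, master (/etc/postfix/master.cf)

  (/etc/postfix/main.cf)

  postconf

    -d: show the default settings

    -n: show the settings that were changed

    -m: supported lookup table types

    -A: SASL plug-in types supported on the client side

    -a: SASL plug-in types supported on the server side

    -e PARA=VALUE: change a parameter in the configuration file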

SMTP:

  helo

  mail from

  rcpt to

  data

  .

  quit

MX: mail.magedu.com

root@mail.magedu.com

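--> root@magedu.com (address masquerading)

The value of another parameter can be referenced with $PARAMETER

MRA: cyrus-imap, dovecot

dovecot depends on the mysql client

pop3: 110/tcp

imap4: 143/tcp

They work in plaintext,

dovecot supports four protocols: pop3, imap4, pops, imaps

Configuration file: /etc/dovecot.conf

It is capable of SASL authentication

Mailbox formats:

  mbox: one file stores all messages;

  maildir: one file stores one message, and all messages are kept in one directory;

dovecot supports both mailbox formats by default. The mail server installed by default on Red Hat uses the mbox format, and once installed dovecot also detects mailboxes as mbox automatically. dovecot has to listen on an address and on a port before it can offer service. It can authenticate users itself: when a user logs in over the network with an account and password, dovecot can look them up in /etc/passwd or /etc/shadow. It does not depend on SASL; dovecot can perform user authentication on its own, although it is able to call SASL;

/etc/rc.d/init.d/dovecot (dovecot init script)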

postfix + SASL user authentication

1. Enable SASL and start the SASL service

/etc/init.d/saslauthd (service script)

  /etc/sysconfig/saslauthd (configuration file)

  saslauthd -v: show the authentication mechanisms supported by the saslauthd service on this host; the default is pam

smtp:

connection: smtpd_client_restrictions = check_client_access hash:/etc/postfix/access (restricts who may connect to us)
helo: smtpd_helo_restrictions = check_helo_access mysql:/etc/postfix/mysql_user (restricts who may send the helo command)
mail from: smtpd_sender_restrictions = (restricts who may send us the mail from command)
rcpt to: smtpd_recipient_restrictions = (restricts who may send us the rcpt to command)
data: smtpd_data_restrictions = (restricts who may send us the data command)

mail from: obama@aol.com

a.com

/etc/aliases --> /etc/aliases.db

Lookup tables:

  Access control file:

  /etc/postfix/access --> hash --> /etc/postfix/access.db

  obama@aol.com reject

  microsoft.com ok

a@magedu.com hadoop@magedu.com

3. Installing and configuring postfix

# groupadd -g 2525 postfix

# useradd -g postfix -u 2525 -s /sbin/nologin -M postfix

# groupadd -g 2526 postdrop

# useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

# tar zxvf postfix-2.9.3.tar.gz

# cd postfix-2.9.3

# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'

# make

# make install

# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'

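Enter the paths as prompted below (the value in [] is the default, the value after "]" is what was entered; where nothing follows, the default is used)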

  install_root: [/] /

  tempdir: [/root/postfix-2.9.3] /tmp/postfix

  config_directory: [/etc/postfix] /etc/postfix

  daemon_directory: [/usr/libexec/postfix]

  command_directory: [/usr/sbin]

  queue_directory: [/var/spool/postfix]

  sendmail_path: [/usr/sbin/sendmail]

  newaliases_path: [/usr/bin/newaliases]

  mailq_path: [/usr/bin/mailq]

  mail_owner: [postfix]

  setgid_group: [postdrop]

  html_directory: [no]/var/www/html/postfix

  manpages: [/usr/local/man]

  readme_directory: [no]

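Generate the binary alias file:

# newaliases

2. Do some basic configuration, then start postfix and send a test message

# vim /etc/postfix/main.cf

Change the following settings to the values you need

myhostname = mail.magedu.com (the host name of this mail server)

myorigin = magedu.com (when a sender address is incomplete, magedu.com is appended automatically; myorigin is also called address masquerading: the sender of any mail that comes from this domain is rewritten to use this domain name)

mydomain = magedu.com (the domain this host belongs to; if mydomain is not defined, postfix drops the first component of myhostname and uses the rest as the local domain name)

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ($ references the value of another parameter; when the string after the @ of a recipient address is one of the values defined here, this host is the server that receives mail for it; any other string after the @ means the mail has to be relayed)

mynetworks = 192.168.1.0/24, 127.0.0.0/8 (hosts in these networks are allowed to relay)

Notes on the parameters:

myorigin specifies the domain name of the sender, that is, it masquerades the sender address;

mydestination specifies the recipient domain names for which postfix accepts mail, that is, the domains your postfix system receives mail for;

myhostname specifies the host name of the machine running the postfix mail system; by default it is set to the local machine name;

mydomain specifies your domain name; by default postfix removes the first component of myhostname and uses the rest as the value of mydomain;

mynetworks specifies the network addresses of your own networks; postfix uses this value to tell remote users from local ones, and local network users are allowed access;

inet_interfaces specifies the network interfaces the postfix system listens on;

Caution:

1. In the postfix configuration file, a parameter and a comment cannot be on the same line;

2. Parameter values must not be quoted; otherwise the quotes are treated as part of the value;

3. After changing a parameter or its value, run postfix reload to apply it; if inet_interfaces was changed, postfix has to be restarted;

4. A parameter with several values can have them on separate lines, as long as each following line starts with a space; postfix treats a line whose first character is a space or tab as a continuation of the previous line;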

4. Provide a SysV service script for postfix, /etc/rc.d/init.d/postfix, with the following content (everything before #END):

#!/bin/bash

#

# postfix Postfix Mail Transfer Agent

#

# chkconfig: 2345 80 30

# description: Postfix is a Mail Transport Agent, which is the program \

# that moves mail from one machine to another.

# processname: master

# pidfile: /var/spool/postfix/pid/master.pid

# config: /etc/postfix/main.cf

# config: /etc/postfix/master.cf

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ $NETWORKING = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4

[ -d /etc/postfix ] || exit 5

[ -d /var/spool/postfix ] || exit 6

RETVAL=0

prog="postfix"

start() {

  # Start daemons.

  echo -n $"Starting postfix: "

    /usr/bin/newaliases >/dev/null 2>&1

  /usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"

  RETVAL=$?

  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix

    echo

  return $RETVAL

}

stop() {

  # Stop daemons.

  echo -n $"Shutting down postfix: "

  /usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"

  RETVAL=$?

  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix

  echo

  return $RETVAL

}

reload() {

  echo -n $"Reloading postfix: "

  /usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"

  RETVAL=$?

  echo

  return $RETVAL

}

abort() {

  /usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"

  return $?

}

flush() {

  /usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"

  return $?

}

check() {

  /usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"

  return $?

}

restart() {

  stop

  start

}

# See how we were called.

case "$1" in

  start)

    start

  ;;

  stop)

    stop

  ;;

  restart)

    stop

    start

  ;;

  reload)

    reload
  ;;

  abort)

    abort

  ;;

  flush)

    flush

  ;;

  check)

    check

  ;;

  status)

    status master
  ;;

condrestart)

  [ -f /var/lock/subsys/postfix ] && restart || :

  ;;

  *)

  echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"

  exit 1
esac

exit $?

# END

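Make the script executable:

# chmod +x /etc/rc.d/init.d/postfix

Add the postfix service to the service list:

# chkconfig --add postfix

Enable it at boot:

# chkconfig postfix on

Restart the service with this script to check that it runs correctly:

# service postfix restart

Local users can now be used to test sending and receiving mail.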

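5. Enable user alias support for the postfix service:

1. Enable the hash-based alias file in the configuration file

In main.cf, find the following directive and enable it (remove the leading #):

#alias_maps = hash:/etc/aliases

2. Define new alias entries in /etc/aliases. Each entry normally has two fields separated by a colon: the first field is the original destination address and the second is the address the mail is actually delivered to, for example:

redhat: magedu

gentoo@126.com: admin@magedu.com

3. Convert /etc/aliases to hash format:

# postalias /etc/aliases

4. Have postfix reload its configuration, then test;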

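6. Client-based access control in postfix

1. Overview of client-based access control

postfix has several built-in anti-spam mechanisms, including restrictions on the "client" sending mail. The client checks let you define a series of conditions on the information the client supplies:

smtpd_client_restrictions (restricts who may connect to us)

smtpd_data_restrictions (restricts who may send us the data command)

smtpd_helo_restrictions (restricts who may send the helo command)

smtpd_recipient_restrictions (restricts who may send us the rcpt to command)

smtpd_sender_restrictions (restricts who may send us the mail from command)

Each of the parameters above is checked at a specific stage of the SMTP session, namely the stage at which the client supplies the corresponding information. For example, when a client opens a connection, postfix uses the smtpd_client_restrictions parameter defined in the configuration file to decide whether that client IP is allowed access. Likewise, smtpd_helo_restrictions decides the client's access based on the helo information it sends, and so on.

If everything before the DATA command is accepted, the client can go on to send the message content. The content normally has two parts: the first part is the headers (header), which can be filtered with header_checks; the second part is the message body (body), which can be filtered with body_checks. These two implement "content inspection" of mail.

The default postfix configuration is: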

smtpd_client_restrictions =

smtpd_data_restrictions =

smtpd_end_of_data_restrictions =

smtpd_etrn_restrictions =

smtpd_helo_restrictions =

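smtpd_recipient_restrictions = permit_mynetworks, (allow the networks defined in mynetworks to relay mail through us)

reject_unauth_destination (reject unauthorized destinations that this server cannot deliver to)

smtpd_sender_restrictions =

This restricts relaying through postfix to clients in the local networks defined by the mynetworks parameter; other clients are not allowed, which closes the open relay.

Postfix has many built-in restrictions, such as permit_mynetworks and reject_unauth_destination above, but administrators can also define their own restrictions with access maps. Custom access-map restrictions are normally set up with check_client_access, check_helo_access, check_sender_access and check_recipient_access, each followed by the access map type and name in type:mapname form. check_sender_access and check_recipient_access check the mail addresses supplied by the client, so their access maps can contain a full mail address such as admin@magedu.com, just a domain name such as magedu.com, or only the user part, such as marion@.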

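2. Example 1

This example blocks the host 172.16.100.66 from sending mail through the postfix service running on 172.16.100.1. The access map uses the hash format.

(1) First, edit /etc/postfix/access, which serves as the control file for client checks, and add the following line:

172.16.100.66 REJECT

(2) Convert the file to hash format

# postmap /etc/postfix/access

(3) Configure postfix to check clients against this file

Edit /etc/postfix/main.cf and add the following parameter:

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

(4) Have postfix reload its configuration, then test the effect of the restriction.

3. Example 2

This example blocks mail sent through this server to the microsoft.com domain. The access map uses the hash format.

(1) First, create /etc/postfix/denydstdomains (the file name is arbitrary) and add the following line:

microsoft.com REJECT

(2) Convert the file to hash format

# postmap /etc/postfix/denydstdomains

(3) Configure postfix to check clients against this file

Edit /etc/postfix/main.cf and add the following parameter:

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/denydstdomains, permit_mynetworks, reject_unauth_destination

(4) Have postfix reload its configuration, then test the effect of the restriction.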

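4. Format of the lookup tables

Hash-type lookup tables all use a format like the following:

pattern action

In a lookup table file, blank lines, lines containing only whitespace and lines starting with # are ignored. A line that starts with whitespace followed by non-whitespace text is treated as a continuation of the previous line and is part of that line.

(1) About pattern

A pattern is normally one of two kinds of address: a mail address or a host name/address.

Mail address patterns have the following forms:

user@domain matches the specified mail address;

domain.tld matches every mail address that has this domain as its domain part;

user@ matches every mail address that has this as its user part;

Host name/address patterns have the following forms:

domain.tld matches all hosts in the specified domain and its subdomains;

.domain.tld matches all hosts in subdomains of the specified domain;

net.work.addr.ess

net.work.addr

net.work

net matches a specific IP address or all hosts in a network;

network/mask CIDR format, matches all hosts in the specified network;

(2) About action

Accept actions:

OK accepts the mail address or host name/address that matches its pattern;

An all-numeric action implicitly means OK;

Reject actions (partial list):

4NN text

5NN text

  4NN means try again after a while; 5NN means a serious error, and delivery will not be retried; 421 and 521 have a special meaning to postfix, so avoid defining these two codes yourself;

REJECT optional text... reject; text is optional;

DEFER optional text... reject; text is optional;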
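The table format and lookup keys described in this section can be exercised offline. The following is an added example, not Postfix code: it parses a table with the comment and continuation rules above and tries the mail-address and host/IPv4 patterns in the order listed on this page. The sample table is constructed around the two REJECT entries from Examples 1 and 2; treating DEFER and 4NN as temporary failures and leaving out network/mask entries are assumptions of the sketch.

```python
import ipaddress

# Constructed table: the two REJECT entries are the page's Examples 1 and 2,
# the other three are made up to exercise continuation lines and prefixes.
SAMPLE_ACCESS = """\
# client and address patterns in one table, for the demonstration only
172.16.100.66     REJECT
microsoft.com     REJECT
marion@           450 mailbox temporarily
    unavailable
admin@magedu.com  OK
192.168           OK
"""


def parse_access(text):
    """Return {pattern: action}, applying the comment and continuation rules."""
    table, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue                      # blank, whitespace-only or comment
        if raw[0] in " \t":               # continuation of the previous entry
            if last is not None:
                table[last] += " " + " ".join(raw.split())
            continue
        parts = raw.split(None, 1)
        if len(parts) != 2:
            last = None                   # pattern without an action: skip it
            continue
        last = parts[0].lower()
        table[last] = " ".join(parts[1].split())
    return table


def classify(action):
    """Map an action to (verdict, text): accept, reject, tempfail or other."""
    word, _, text = action.partition(" ")
    code = len(word) == 3 and word.isdigit() and bool(text)
    if word.upper() == "OK" or action.isdigit():
        return "accept", text
    if word.upper() == "REJECT" or (code and word[0] == "5"):
        return "reject", text
    if word.upper() == "DEFER" or (code and word[0] == "4"):
        return "tempfail", text
    return "other", text


def address_keys(addr):
    user, _, dom = addr.lower().rpartition("@")
    return [f"{user}@{dom}", dom, f"{user}@"]


def client_keys(hostname, ip):
    ipaddress.IPv4Address(ip)             # raises ValueError on a malformed address
    labels = hostname.lower().rstrip(".").split(".")
    keys = [".".join(labels)]
    for i in range(1, len(labels)):       # parent domains, most specific first
        parent = ".".join(labels[i:])
        keys += [parent, "." + parent]
    octets = ip.split(".")
    keys += [".".join(octets[:n]) for n in range(4, 0, -1)]
    return keys


def lookup(table, keys):
    """First matching key wins; None means the next restriction decides."""
    for key in keys:
        if key in table:
            return (key,) + classify(table[key])
    return None


def lookup_address(table, addr):
    return lookup(table, address_keys(addr))


def lookup_client(table, hostname, ip):
    return lookup(table, client_keys(hostname, ip))


if __name__ == "__main__":
    t = parse_access(SAMPLE_ACCESS)
    print(lookup_client(t, "pc66.magedu.com", "172.16.100.66"))
    print(lookup_address(t, "marion@example.net"))
```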

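7. Enable cyrus-sasl based authentication for postfix

Use the following command to verify that postfix supports cyrus-style SASL authentication; if your output matches the following, it is supported: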

# /usr/local/postfix/sbin/postconf -a

cyrus

dovecot

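# vim /etc/postfix/main.cf

Add the following:

############################CYRUS-SASL############################

broken_sasl_auth_clients = yes (whether clients sending mail are checked through SASL, that is, whether the client identity is verified)

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination

(defines the recipient restrictions: permit_mynetworks allows the local networks, permit_sasl_authenticated allows users who passed SASL authentication, reject_invalid_hostname rejects mail from hosts whose host name is invalid, reject_non_fqdn_hostname also rejects host names that are not in FQDN form, reject_unknown_sender_domain rejects sender domains that cannot be recognized, reject_non_fqdn_sender rejects senders without an FQDN, reject_non_fqdn_recipient rejects recipients without an FQDN, reject_unknown_recipient_domain rejects recipient domains that cannot be recognized, reject_unauth_pipelining rejects unauthorized pipelining, reject_unauth_destination rejects unauthorized destinations)

smtpd_sasl_auth_enable = yes (turn on SASL authentication)

smtpd_sasl_local_domain = $myhostname (the local domain used for SASL authentication; only the local host is recognized)

smtpd_sasl_security_options = noanonymous (SASL security options; anonymous users are not supported)

smtpd_sasl_path = smtpd (which service uses SASL)

smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available! (defines the greeting banner)

# vim /usr/lib/sasl2/smtpd.conf

Add the following:

pwcheck_method: saslauthd (which method is used for authentication)

mech_list: PLAIN LOGIN (the two authentication mechanisms)

Have postfix reload its configuration

# /usr/sbin/postfix reload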

# telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.localdomain (127.0.0.1).

Escape character is '^]'.

220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!

ehlo mail.magedu.com

250-mail.magedu.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN

250-AUTH=PLAIN LOGIN (make sure your output contains two lines like these)

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN
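The relay and SASL settings from sections 6 and 7 can be checked before a reload. The following is an added example, not part of the original notes or of Postfix: it reads main.cf text with the continuation and `$parameter` rules described earlier and reports an access map placed before reject_unauth_destination (the ordering of Example 2, which is safe only while the table holds no OK entries), an over-broad mynetworks, and PLAIN/LOGIN authentication offered without requiring TLS. Both sample files are constructed; the 65536-address threshold is an assumption, and `smtpd_tls_auth_only` is a real Postfix parameter that this page does not set.

```python
import ipaddress
import re

# Constructed main.cf texts. WEAK uses the restriction order of Example 2 and
# trusts every client address; FIXED follows the order used in section 7.
WEAK = """\
# weak variant
mydomain = magedu.com
mynetworks = 192.168.1.0/24, 127.0.0.0/8,
  0.0.0.0/0
smtpd_recipient_restrictions = check_recipient_access
  hash:/etc/postfix/denydstdomains, permit_mynetworks,
  reject_unauth_destination
smtpd_sasl_auth_enable = yes
"""
FIXED = """\
# corrected variant (assumes TLS is already configured)
mydomain = magedu.com
mynetworks = 192.168.1.0/24, 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
  reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
"""

ACCESS_CHECK = re.compile(r"check_\w+_access")


def parse_main_cf(text):
    """Return {name: value}; lines starting with whitespace continue the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and name:
            params[name] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        name = name.strip()
        params[name] = value.strip()
    return params


def expand(params, value, depth=0):
    """Replace $name references with the referenced parameter's value."""
    if depth > 10:                        # guard against self-referencing values
        return value
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params, params.get(m.group(1), ""), depth + 1),
                  value)


def as_list(params, name):
    """Split a value on commas and whitespace after expanding references."""
    return [v for v in re.split(r"[,\s]+", expand(params, params.get(name, ""))) if v]


def audit(params, max_hosts=65536):
    findings = []
    rcpt = as_list(params, "smtpd_recipient_restrictions")
    if "reject_unauth_destination" not in rcpt:
        findings.append("relay-check-missing")
    else:
        before = rcpt[:rcpt.index("reject_unauth_destination")]
        # An OK from an access map, or a bare permit, ends evaluation before
        # the relay check is reached.
        if "permit" in before or any(ACCESS_CHECK.fullmatch(t) for t in before):
            findings.append("access-map-before-relay-check")
    for entry in as_list(params, "mynetworks"):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue                      # table reference or file name
        if not net.is_loopback and net.num_addresses > max_hosts:
            findings.append("wide-mynetworks:" + entry)
    if params.get("smtpd_sasl_auth_enable", "no") == "yes":
        if ("smtpd_sasl_security_options" in params
                and "noanonymous" not in as_list(params, "smtpd_sasl_security_options")):
            findings.append("sasl-anonymous")
        if params.get("smtpd_tls_auth_only", "no") != "yes":
            findings.append("sasl-cleartext")   # PLAIN/LOGIN offered without TLS
    return findings


if __name__ == "__main__":
    print("weak: ", audit(parse_main_cf(WEAK)))
    print("fixed:", audit(parse_main_cf(FIXED)))
```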

[root@localhost ~]# vim /etc/init.d/postfix (edit the postfix init script)
#!/bin/bash
#
# postfix      Postfix Mail Transfer Agent
#
# chkconfig: 2345 80 30
# description: Postfix is a Mail Transport Agent, which is the program \
#              that moves mail from one machine to another.
# processname: master
# pidfile: /var/spool/postfix/pid/master.pid
# config: /etc/postfix/main.cf
# config: /etc/postfix/master.cf

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ $NETWORKING = "no" ] && exit 3

[ -x /usr/sbin/postfix ] || exit 4
[ -d /etc/postfix ] || exit 5
[ -d /var/spool/postfix ] || exit 6

RETVAL=0
prog="postfix"

start() {
	# Start daemons.
	echo -n $"Starting postfix: "
        /usr/bin/newaliases >/dev/null 2>&1
	/usr/sbin/postfix start 2>/dev/null 1>&2 && success || failure $"$prog start"
	RETVAL=$?
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/postfix
        echo
	return $RETVAL
}

stop() {
  # Stop daemons.
	echo -n $"Shutting down postfix: "
	/usr/sbin/postfix stop 2>/dev/null 1>&2 && success || failure $"$prog stop"
	RETVAL=$?
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/postfix
	echo
	return $RETVAL
}

reload() {
	echo -n $"Reloading postfix: "
	/usr/sbin/postfix reload 2>/dev/null 1>&2 && success || failure $"$prog reload"
	RETVAL=$?
	echo
	return $RETVAL
}

abort() {
	/usr/sbin/postfix abort 2>/dev/null 1>&2 && success || failure $"$prog abort"
	return $?
}

flush() {
	/usr/sbin/postfix flush 2>/dev/null 1>&2 && success || failure $"$prog flush"
	return $?
}

check() {
	/usr/sbin/postfix check 2>/dev/null 1>&2 && success || failure $"$prog check"
	return $?
}

restart() {
	stop
	start
}

# See how we were called.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  restart)
	stop
	start
	;;
  reload)
	reload
	;;
  abort)
	abort
	;;
  flush)
	flush
	;;
  check)
	check
	;;
  status)
  	status master
	;;
  condrestart)
	[ -f /var/lock/subsys/postfix ] && restart || :
	;;
  *)
	echo $"Usage: $0 {start|stop|restart|reload|abort|flush|check|status|condrestart}"
	exit 1
esac

exit $?

# END

[root@localhost ~]# chmod +x /etc/init.d/postfix (make the postfix script executable)
[root@localhost ~]# chkconfig --add postfix (add postfix to the service list)
[root@localhost ~]# chkconfig --list postfix (show in which runlevels postfix is started)
postfix        	0:off	1:off	2:on	3:on	4:on	5:on	6:off
[root@localhost ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
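[root@localhost ~]# hostname (show the host name)
localhost.localdomain
Note: the mail server name myhostname should match the output of hostname, so when myhostname is changed the host name has to be changed as well; likewise the name recorded for this host in the DNS server has to match;
[root@localhost ~]# telnet localhost 25 (connect to local port 25)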
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
helo localhost (send the SMTP hello greeting to the server)
250 localhost.localdomain
mail from:root (sender)
250 2.1.0 Ok
[root@localhost ~]# hostname mail.magedu.com (change the host name to mail.magedu.com)
[root@localhost ~]# vim /etc/sysconfig/network (edit the network file)

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=mail.magedu.com

Note: this changes the host name permanently;
[root@mail ~]# hostname (show the system host name)
mail.magedu.com
[root@mail ~]# rpm -qa | grep bind (check whether bind is installed)
bind-libs-9.3.6-20.P1.el5
bind-utils-9.3.6-20.P1.el5
ypbind-1.19-12.el5_6.1
[root@mail ~]# rpm -e bind-libs bind-utils (remove bind-libs and bind-utils)
[root@mail ~]# yum install bind97 bind97-utils (install bind97 and bind97-utils from the yum repository)
[root@mail ~]# vim /etc/named.conf (edit the named.conf configuration file)

options {
        listen-on port 53;
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";

[root@mail ~]# service named start (start the named service)
Starting named: 
Error in named configuration:
/etc/named.conf:11: '{' expected near ';'
                                                           [FAILED]
[root@mail ~]# vim /etc/named.conf (edit the named configuration file)

options {
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
[root@mail ~]# service named start (start the named service)
Starting named:                                            [  OK  ]
[root@mail ~]# netstat -tnlp (list listening services: -t TCP, -n numeric output, -l listening sockets, -p PID/program name)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3525/./hpiod        
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      10780/php-fpm       
tcp        0      0 0.0.0.0:879                 0.0.0.0:*                   LISTEN      3241/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3202/portmap        
tcp        0      0 192.168.142.128:53          0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 172.16.100.1:53             0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3557/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3569/cupsd          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      32514/master        
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      32765/sshd          
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      384/sshd            
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3530/python         
tcp        0      0 :::3306                     :::*                        LISTEN      3725/mysqld         
tcp        0      0 :::80                       :::*                        LISTEN      6432/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      3557/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      578/named           
tcp        0      0 ::1:6010                    :::*                        LISTEN      32765/sshd          
tcp        0      0 ::1:6011                    :::*                        LISTEN      384/sshd    
[root@mail ~]# netstat -tunlp (list listening services: -t TCP, -u UDP, -n numeric output, -l listening sockets, -p PID/program name)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3525/./hpiod        
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      10780/php-fpm       
tcp        0      0 0.0.0.0:879                 0.0.0.0:*                   LISTEN      3241/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3202/portmap        
tcp        0      0 192.168.142.128:53          0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 172.16.100.1:53             0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3557/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3569/cupsd          
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      578/named           
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      32514/master        
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      32765/sshd          
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      384/sshd            
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3530/python         
tcp        0      0 :::3306                     :::*                        LISTEN      3725/mysqld         
tcp        0      0 :::80                       :::*                        LISTEN      6432/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      3557/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      578/named           
tcp        0      0 ::1:6010                    :::*                        LISTEN      32765/sshd          
tcp        0      0 ::1:6011                    :::*                        LISTEN      384/sshd            
udp        0      0 192.168.142.128:53          0.0.0.0:*                               578/named           
udp        0      0 172.16.100.1:53             0.0.0.0:*                               578/named           
udp        0      0 127.0.0.1:53                0.0.0.0:*                               578/named           
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               3000/dhclient       
udp        0      0 0.0.0.0:47439               0.0.0.0:*                               4009/avahi-daemon   
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               4009/avahi-daemon   
udp        0      0 0.0.0.0:873                 0.0.0.0:*                               3241/rpc.statd      
udp        0      0 0.0.0.0:876                 0.0.0.0:*                               3241/rpc.statd      
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               3202/portmap        
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3569/cupsd          
udp        0      0 :::49671                    :::*                                    4009/avahi-daemon   
udp        0      0 :::5353                     :::*                                    4009/avahi-daemon   
[root@mail ~]# vim /etc/named.conf (edit the named.conf configuration file)

options {
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones"; (zones are best defined in the named.rfc1912.zones file)
[root@mail ~]# vim /etc/named.rfc1912.zones (edit the named.rfc1912.zones file)
 
zone "magedu.com" IN {
        type master; (master server)
        file "magedu.com.zone"; (forward zone data file)
        allow-update { none; }; (nobody may update the zone)
        allow-transfer { none; }; (nobody may request a zone transfer)
};

zone "100.16.172.in-addr.arpa" IN {
        type master; (master server)
        file "172.16.100.zone"; (reverse zone data file)
        allow-update { none; }; (nobody may update the zone)
        allow-transfer { none; }; (nobody may request a zone transfer)
};

[root@mail ~]# named-checkconf (check the configuration file syntax)
[root@mail ~]# named-checkconf /etc/named.conf (check the syntax of named.conf)
[root@mail ~]# cd /var/named/ (change to the /var/named directory)
[root@mail named]# ls (list the files and subdirectories of the current directory)
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@mail named]# vim magedu.com.zone (edit the magedu.com.zone zone data file)

$TTL 600
@       IN      SOA     ns.magedu.com.  admin.magedu.com. (
                                2013041201      ; serial number
                                2H              ; refresh
                                10M             ; retry
                                3D              ; expire
                                1D )            ; negative-answer TTL
                IN      NS      ns
                IN      MX 10   mail
ns              IN      A       172.16.100.1
mail            IN      A       172.16.100.1

[root@mail named]# cp magedu.com.zone 172.16.100.zone (copy magedu.com.zone to 172.16.100.zone)
[root@mail named]# vim 172.16.100.zone (edit the 172.16.100.zone zone data file)

$TTL 600
@       IN      SOA     ns.magedu.com.  admin.magedu.com. (
                                2013041201
                                2H
                                10M
                                3D
                                1D )
                IN      NS      ns.magedu.com.
1               IN      PTR     ns.magedu.com.
1               IN      PTR     mail.magedu.com.

[root@mail named]# chgrp named magedu.com.zone 172.16.100.zone (change the group of magedu.com.zone and 172.16.100.zone to named)
[root@mail named]# chmod 640 magedu.com.zone 172.16.100.zone (set the permissions of magedu.com.zone and 172.16.100.zone to 640)
[root@mail named]# ll (show details of the files and subdirectories in the current directory)
total 72
-rw-r----- 1 root  named  174 Oct  1 16:53 172.16.100.zone
drwxrwx--- 2 named named 4096 Oct  1 15:48 data
drwxrwx--- 2 named named 4096 Oct  1 16:48 dynamic
-rw-r----- 1 root  named  179 Oct  1 16:53 magedu.com.zone
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 17  2011 slaves
[root@mail named]# named-checkzone "magedu.com" magedu.com.zone (check the syntax of the magedu.com.zone zone data file)
zone magedu.com/IN: loaded serial 2013041201
OK
[root@mail named]# named-checkzone "100.16.172.in-addr.arpa" 172.16.100.zone (check the syntax of the 172.16.100.zone zone data file)
zone 100.16.172.in-addr.arpa/IN: loaded serial 2013041201
OK
[root@mail named]# service named start (start the named service)
Starting named: named: already running                     [  OK  ]
[root@mail named]# chkconfig named on (enable named in the corresponding runlevels)
[root@mail named]# dig -t MX magedu.com @172.16.100.1 (look up the MX record of magedu.com on the server 172.16.100.1)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX magedu.com @172.16.100.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 30930
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;magedu.com.			IN	MX

;; Query time: 4539 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Thu Oct  1 17:23:37 2015
;; MSG SIZE  rcvd: 28
[root@mail named]# service named restart (restart the named service)
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@mail named]# dig -t MX magedu.com @172.16.100.1 (look up the MX record of magedu.com on 172.16.100.1)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t MX magedu.com @172.16.100.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54732
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;magedu.com.			IN	MX

;; ANSWER SECTION:
magedu.com.		600	IN	MX	10 mail.magedu.com.

;; AUTHORITY SECTION:
magedu.com.		600	IN	NS	ns.magedu.com.

;; ADDITIONAL SECTION:
mail.magedu.com.	600	IN	A	172.16.100.1
ns.magedu.com.		600	IN	A	172.16.100.1

;; Query time: 1 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Thu Oct  1 17:26:12 2015
;; MSG SIZE  rcvd: 98
[root@mail named]# dig -t A mail.magedu.com(query the A record of mail.magedu.com)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A mail.magedu.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8064
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.magedu.com.		IN	A

;; ANSWER SECTION:
mail.magedu.com.	600	IN	A	172.16.100.1

;; AUTHORITY SECTION:
magedu.com.		600	IN	NS	ns.magedu.com.

;; ADDITIONAL SECTION:
ns.magedu.com.		600	IN	A	172.16.100.1

;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct  1 17:29:15 2015
;; MSG SIZE  rcvd: 82
[root@mail named]# dig -t A mail.magedu.com @172.16.100.1(query server 172.16.100.1 for the A record of mail.magedu.com)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -t A mail.magedu.com @172.16.100.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22139
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.magedu.com.		IN	A

;; ANSWER SECTION:
mail.magedu.com.	600	IN	A	172.16.100.1

;; AUTHORITY SECTION:
magedu.com.		600	IN	NS	ns.magedu.com.

;; ADDITIONAL SECTION:
ns.magedu.com.		600	IN	A	172.16.100.1

;; Query time: 27 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Thu Oct  1 17:32:12 2015
;; MSG SIZE  rcvd: 82
[root@mail named]# dig -x 172.16.100.1 @172.16.100.1(query 172.16.100.1 for the PTR record of 172.16.100.1)

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-6.P2.el5_7.4 <<>> -x 172.16.100.1 @172.16.100.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24992
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;1.100.16.172.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
1.100.16.172.in-addr.arpa. 600	IN	PTR	ns.magedu.com.
1.100.16.172.in-addr.arpa. 600	IN	PTR	mail.magedu.com.

;; AUTHORITY SECTION:
100.16.172.in-addr.arpa. 600	IN	NS	ns.magedu.com.

;; ADDITIONAL SECTION:
ns.magedu.com.		600	IN	A	172.16.100.1

;; Query time: 2 msec
;; SERVER: 172.16.100.1#53(172.16.100.1)
;; WHEN: Thu Oct  1 17:38:11 2015
;; MSG SIZE  rcvd: 119
[root@mail named]# cd(change to the user's home directory)
[root@mail ~]# cd /etc/postfix/(change to the /etc/postfix directory)
[root@mail postfix]# ls(list the files and subdirectories in the current directory)
access   bounce.cf.default  generic        LICENSE  main.cf.default  master.cf  TLS_LICENSE  virtual
aliases  canonical          header_checks  main.cf  makedefs.out     relocated  transport
[root@mail postfix]# vim main.cf(edit main.cf, the main Postfix configuration file)

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 172.16.0.0/16, 127.0.0.0/8(the networks whose hosts this server will relay mail for)

#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.magedu.com(the hostname of this mail server)

#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain

#mydomain = domain.tld
mydomain = magedu.com

#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain
mydestination = $myhostname, $mydomain, localhost, ns.$mydomain

/mynetworks
/myhostname 
/myorigin 
/mydomain  
/mydestination 

[root@mail postfix]# service postfix restart(restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@mail postfix]# tail /var/log/maillog(show the last 10 lines of the maillog file)
Oct  1 19:08:10 localhost postfix/qmgr[32515]: 5FFB0BEEC7: from=<>, size=2326, nrcpt=1 (queue active)
Oct  1 19:08:11 localhost postfix/smtp[1406]: 5FFB0BEEC7: to=<a@a.org>, relay=none, delay=19401, delays=19400/0.02/0.82/0, dsn=4.4.3, 
status=deferred (Host or domain name not found. Name service error for name=a.org type=MX: Host not found, try again)
Oct  1 19:48:10 localhost postfix/qmgr[32515]: C82FCBEECA: from=<a@a.org>, size=177, nrcpt=1 (queue active)
Oct  1 19:48:10 localhost postfix/smtp[1475]: C82FCBEECA: to=<c@c.org>, relay=none, delay=21388, delays=21387/0.01/0.26/0, dsn=4.4.3, 
status=deferred (Host or domain name not found. Name service error for name=c.org type=MX: Host not found, try again)
Oct  1 20:18:08 localhost postfix/postfix-script[1573]: stopping the Postfix mail system
Oct  1 20:18:08 localhost postfix/master[32514]: terminating on signal 15
Oct  1 20:18:09 localhost postfix/postfix-script[1646]: starting the Postfix mail system
Oct  1 20:18:09 localhost postfix/master[1648]: daemon started -- version 2.10.0, configuration /etc/postfix
Oct  1 20:18:09 localhost postfix/qmgr[1649]: 5FFB0BEEC7: from=<>, size=2326, nrcpt=1 (queue active)
Oct  1 20:18:09 localhost postfix/smtp[1653]: 5FFB0BEEC7: to=<a@a.org>, relay=none, delay=23599, delays=23599/0.02/0.69/0, dsn=4.4.3, 
status=deferred (Host or domain name not found. Name service error for name=a.org type=MX: Host not found, try again)
[root@mail postfix]# vim /etc/resolv.conf(edit the DNS resolver configuration file)

nameserver 172.16.100.1
search localdomain

Note: DNS now points to this host.
[root@mail postfix]# telnet mail.magedu.com 25(connect to port 25 on mail.magedu.com)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com(send a HELO greeting to the mail.magedu.com server over SMTP)
250 mail.magedu.com
mail from:abc@abc.com(sender)
250 2.1.0 Ok
rcpt to:obama@whitehouse.com(recipient)
250 2.1.5 Ok
data(message body)
354 End data with <CR><LF>.<CR><LF>
hello
.(end of message)
250 2.0.0 Ok: queued as DE677BEEDA
quit(exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail postfix]# tail /var/log/maillog(show the last 10 lines of the maillog file)
Oct  1 20:35:03 localhost postfix/master[1648]: terminating on signal 15
Oct  1 20:35:03 localhost postfix/postfix-script[1779]: starting the Postfix mail system
Oct  1 20:35:03 localhost postfix/master[1781]: daemon started -- version 2.10.0, configuration /etc/postfix
Oct  1 20:35:22 localhost postfix/smtpd[1788]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 20:35:22 localhost postfix/smtpd[1788]: connect from mail.magedu.com[172.16.100.1]
Oct  1 20:35:59 localhost postfix/smtpd[1788]: DE677BEEDA: client=mail.magedu.com[172.16.100.1]
Oct  1 20:36:10 localhost postfix/cleanup[1791]: DE677BEEDA: message-id=<20151001123559.DE677BEEDA@mail.magedu.com>
Oct  1 20:36:10 localhost postfix/qmgr[1782]: DE677BEEDA: from=<abc@abc.com>, size=318, nrcpt=1 (queue active)
Oct  1 20:36:10 localhost postfix/smtp[1792]: DE677BEEDA: to=<obama@whitehouse.com>, relay=none, delay=28, delays=28/0.01/0.08/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=whitehouse.com type=MX: Host not found, try again)(deferred: delivery is postponed because the recipient domain's MX record cannot be found)
Oct  1 20:36:15 localhost postfix/smtpd[1788]: disconnect from mail.magedu.com[172.16.100.1]
[root@mail postfix]# vim main.cf(edit main.cf, the main Postfix configuration file)

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
#mynetworks = 172.16.0.0/16, 127.0.0.0/8
mynetworks = 127.0.0.0/8

/mynetworks

[root@mail postfix]# service postfix restart(restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Test by connecting to the mail server from Windows using Xshell:
[c:\~]$ telnet 172.16.100.1 25


Connecting to 172.16.100.1:25...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com(send a HELO greeting to mail.magedu.com over SMTP)
250 mail.magedu.com
mail from:root@magedu.com(sender)
250 2.1.0 Ok
rcpt to:a@b.net(recipient)
554 5.7.1 <a@b.net>: Relay access denied(relaying is not allowed)
quit(exit)
221 2.0.0 Bye

Connection closed by foreign host.
[root@mail ~]# telnet mail.magedu.com 25(connect to port 25 on mail.magedu.com)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com(send a HELO greeting to the mail.magedu.com server over SMTP)
250 mail.magedu.com
mail from:a@magedu.com(sender)
250 2.1.0 Ok
rcpt to:a@b.net(recipient)
554 5.7.1 <a@b.net>: Relay access denied(relaying is not allowed)
quit(exit)
221 2.0.0 Bye
Connection closed by foreign host.
Note: mail.magedu.com resolves to 172.16.100.1, which is outside the current mynetworks (127.0.0.0/8), so relaying is denied.
[root@mail ~]# telnet 127.0.0.1 25(connect to port 25 on 127.0.0.1)
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo localhost(send a HELO greeting to the server at localhost over SMTP)
250 mail.magedu.com
mail from:a@magedu.com(sender)
250 2.1.0 Ok
rcpt to:a@b.net(recipient)
250 2.1.5 Ok
quit(exit)
221 2.0.0 Bye
Connection closed by foreign host.
Note: relaying is allowed when connecting through 127.0.0.1.
[root@mail postfix]# vim main.cf(edit main.cf, the main Postfix configuration file)

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 172.16.0.0/16, 127.0.0.0/8

[root@mail postfix]# service postfix restart(restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

Test: send mail using Outlook Express on Windows XP as the client.

C:\Documents and Settings\Administrator>ipconfig(show the address configuration)

Windows IP Configuration


Ethernet adapter 本地连接:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 172.16.100.66
        Subnet Mask . . . . . . . . . . . : 255.255.0.0

C:\Documents and Settings\Administrator>ping 172.16.100.1(ping test)

Pinging 172.16.100.1 with 32 bytes of data:

Reply from 172.16.100.1: bytes=32 time<1ms TTL=64
Reply from 172.16.100.1: bytes=32 time<1ms TTL=64
Reply from 172.16.100.1: bytes=32 time<1ms TTL=64
Reply from 172.16.100.1: bytes=32 time<1ms TTL=64

Ping statistics for 172.16.100.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Open the program via Start -> Programs -> Outlook Express.

[root@mail postfix]# tail /etc/passwd(show the last 10 lines of /etc/passwd)
sabayon:x:86:86:Sabayon user:/home/sabayon:/sbin/nologin
Smoke:x:500:500:Smoke:/home/Smoke:/bin/bash
oprofile:x:16:16:Special user account to be used by OProfile:/home/oprofile:/sbin/nologin
mysql:x:306:306::/home/mysql:/bin/bash
postfix:x:2525:2525::/home/postfix:/sbin/nologin
postdrop:x:2526:2526::/home/postdrop:/sbin/nologin
openstack:x:2527:2527::/home/openstack:/bin/bash
hadoop:x:2528:2528::/home/hadoop:/bin/bash
tomcat:x:2529:2529::/home/tomcat:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
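Note: when a user's mail is accessed from another host, the account must not be the administrator; it has to be an ordinary user, and it must have a password, otherwise the connection is refused.
[root@mail postfix]# passwd hadoop(set a password for the hadoop user)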
Changing password for user hadoop.
New UNIX password: 
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password: 
passwd: all authentication tokens updated successfully.

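In Outlook Express, click to set up a mail account, enter the display name Hadoop, and click Next.

Enter hadoop@magedu.com as the e-mail address and click Next.

Enter 172.16.100.1 as both the incoming and the outgoing mail server address and click Next.

Enter the account name hadoop and the password hadoop, click Next, then click Finish.

Click Send/Receive All; nothing is received, because no POP3 service is listening on port 110.

Receiving does not work yet, but sending does. Choose Create Mail, enter openstack@magedu.com as the recipient, fill in the subject and body, and click Send.

Click Sent Items to view the message that was sent successfully.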

[root@mail postfix]# tail /var/log/maillog 
Oct  1 21:26:09 localhost postfix/smtp[2151]: 5FFB0BEEC7: to=<a@a.org>, relay=none, delay=27680, delays=27679/0.01/0.48/0, dsn=4.4.3, 
status=deferred (Host or domain name not found. Name service error for name=a.org type=MX: Host not found, try again)
Oct  1 21:28:01 localhost postfix/smtpd[2157]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 21:28:01 localhost postfix/smtpd[2157]: connect from unknown[172.16.100.66]
Oct  1 21:28:01 localhost postfix/smtpd[2157]: 385CBBEEE2: client=unknown[172.16.100.66]
Oct  1 21:28:01 localhost postfix/cleanup[2160]: 385CBBEEE2: message-id=<36875802067241C98EBD87C6971E8693@L2ONFSGJ0XI6NYT>
Oct  1 21:28:01 localhost postfix/qmgr[2109]: 385CBBEEE2: from=<hadoop@magedu.com>, size=1426, nrcpt=1 (queue active)(sender)
Oct  1 21:28:01 localhost postfix/smtpd[2157]: disconnect from unknown[172.16.100.66]
Oct  1 21:28:01 localhost postfix/local[2161]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 21:28:01 localhost postfix/local[2161]: 385CBBEEE2: to=<openstack@magedu.com>, relay=local, delay=0.26, delays=0.06/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to mailbox)(recipient; status=sent and "delivered to mailbox" mean the message has been delivered)
Oct  1 21:28:01 localhost postfix/qmgr[2109]: 385CBBEEE2: removed
[root@mail ~]# su - openstack(switch to the openstack user)
[openstack@mail ~]$ mail(read mail)
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/openstack": 1 message 1 unread
>U  1 hadoop@magedu.com     Thu Oct  1 21:28  45/1551  "OE test"
& 1
Message 1:
From hadoop@magedu.com  Thu Oct  1 21:28:01 2015
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: OE test
Date: Tue, 27 Oct 2015 17:06:10 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000B_01D110D9.C6FA38D0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994

This is a multi-part message in MIME format.

------=_NextPart_000_000B_01D110D9.C6FA38D0
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64

T0UgVEVTVCE=

------=_NextPart_000_000B_01D110D9.C6FA38D0
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: base64(the part is base64-encoded)

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWdi
MjMxMiIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+DQo8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250
ZW50PSJNU0hUTUwgOC4wMC42MDAxLjE4NzAyIj4NCjxTVFlMRT48L1NUWUxFPg0KPC9IRUFEPg0K
PEJPRFkgYmdDb2xvcj0jZmZmZmZmPg0KPERJVj48Rk9OVCBzaXplPTI+T0UgVEVTVCE8L0ZPTlQ+
PC9ESVY+PC9CT0RZPjwvSFRNTD4NCg==

------=_NextPart_000_000B_01D110D9.C6FA38D0--


&           

[root@mail ~]# openssl base64(encode with base64)
a
[root@mail ~]# echo "abc" | openssl base64(pipe abc into openssl to show its base64 encoding)
YWJjCg==

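Check whether the mail server will relay: choose Create Mail, set the recipient to openstack@magedu.com, fill in the subject and body, and click Send.

[root@mail postfix]# tail /var/log/maillog(show the last 10 lines of the maillog file)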
Oct  1 21:28:01 localhost postfix/local[2161]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 21:28:01 localhost postfix/local[2161]: 385CBBEEE2: to=<openstack@magedu.com>, relay=local, delay=0.26, delays=0.06/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  1 21:28:01 localhost postfix/qmgr[2109]: 385CBBEEE2: removed
Oct  1 21:35:35 localhost postfix/smtpd[2241]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 21:35:35 localhost postfix/smtpd[2241]: connect from unknown[172.16.100.66]
Oct  1 21:35:35 localhost postfix/smtpd[2241]: 0D6B6BEEE3: client=unknown[172.16.100.66]
Oct  1 21:35:35 localhost postfix/cleanup[2244]: 0D6B6BEEE3: message-id=<95A7E817AFCC4A6A84525685901CADEC@L2ONFSGJ0XI6NYT>
Oct  1 21:35:35 localhost postfix/qmgr[2109]: 0D6B6BEEE3: from=<hadoop@magedu.com>, size=1414, nrcpt=1 (queue active)
Oct  1 21:35:35 localhost postfix/smtpd[2241]: disconnect from unknown[172.16.100.66]
Oct  1 21:35:35 localhost postfix/smtp[2245]: 0D6B6BEEE3: to=<obama@aol.com>, relay=none, delay=0.47, delays=0.05/0.01/0.41/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again)(the MX record cannot be resolved, but the message was accepted for relaying)
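
The check made by eye in the maillog excerpts above (which client handed in a message, and whether it was addressed to a non-local domain) can be automated by correlating log lines on the queue ID. The Python below is an added example, not part of the original notes: the log lines are copied from this page with wrapped lines rejoined, and LOCAL_DOMAINS and the function names are assumptions based on the mydestination setting shown earlier.

```python
import re

# Assumption: domains delivered locally, taken from mydestination on this page.
LOCAL_DOMAINS = {"magedu.com", "mail.magedu.com", "ns.magedu.com", "localhost"}

# Log lines copied from the maillog excerpts on this page (wrapped lines rejoined).
SAMPLE_LOG = """\
Oct  1 20:35:22 localhost postfix/smtpd[1788]: connect from mail.magedu.com[172.16.100.1]
Oct  1 20:35:59 localhost postfix/smtpd[1788]: DE677BEEDA: client=mail.magedu.com[172.16.100.1]
Oct  1 20:36:10 localhost postfix/qmgr[1782]: DE677BEEDA: from=<abc@abc.com>, size=318, nrcpt=1 (queue active)
Oct  1 20:36:10 localhost postfix/smtp[1792]: DE677BEEDA: to=<obama@whitehouse.com>, relay=none, delay=28, delays=28/0.01/0.08/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=whitehouse.com type=MX: Host not found, try again)
Oct  1 21:28:01 localhost postfix/smtpd[2157]: 385CBBEEE2: client=unknown[172.16.100.66]
Oct  1 21:28:01 localhost postfix/qmgr[2109]: 385CBBEEE2: from=<hadoop@magedu.com>, size=1426, nrcpt=1 (queue active)
Oct  1 21:28:01 localhost postfix/local[2161]: 385CBBEEE2: to=<openstack@magedu.com>, relay=local, delay=0.26, delays=0.06/0.01/0/0.19, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  1 21:28:01 localhost postfix/qmgr[2109]: 385CBBEEE2: removed
Oct  1 21:35:35 localhost postfix/smtpd[2241]: 0D6B6BEEE3: client=unknown[172.16.100.66]
Oct  1 21:35:35 localhost postfix/qmgr[2109]: 0D6B6BEEE3: from=<hadoop@magedu.com>, size=1414, nrcpt=1 (queue active)
Oct  1 21:35:35 localhost postfix/smtp[2245]: 0D6B6BEEE3: to=<obama@aol.com>, relay=none, delay=0.47, delays=0.05/0.01/0.41/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again)
"""

# Short (hexadecimal) queue IDs are assumed, as in the excerpts above.
LINE_RE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
CLIENT_RE = re.compile(r"client=[^\[]*\[(?P<ip>[^\]]+)\]")
FROM_RE = re.compile(r"from=<(?P<addr>[^>]*)>")
TO_RE = re.compile(r"to=<(?P<addr>[^>]*)>.*?status=(?P<status>\w+)")


def domain_of(address):
    """Return the lower-cased domain part of an address ('' for the null sender)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def correlate(log_text):
    """Group smtpd, qmgr and delivery-agent lines into one record per queue ID."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # connect, disconnect and warning lines carry no queue ID
        rec = messages.setdefault(
            m.group("qid"), {"client_ip": None, "sender": None, "deliveries": []})
        rest = m.group("rest")
        client, sender, rcpt = CLIENT_RE.match(rest), FROM_RE.match(rest), TO_RE.match(rest)
        if client:
            rec["client_ip"] = client.group("ip")
        elif sender:
            rec["sender"] = sender.group("addr")
        elif rcpt:
            rec["deliveries"].append((rcpt.group("addr"), rcpt.group("status")))
    return messages


def relay_attempts(messages, local_domains=LOCAL_DOMAINS):
    """List deliveries addressed to non-local domains, i.e. mail this host relayed."""
    hits = []
    for qid, rec in messages.items():
        sender = rec["sender"] or ""
        for rcpt, status in rec["deliveries"]:
            if domain_of(rcpt) in local_domains:
                continue  # local delivery, not a relay
            hits.append({
                "qid": qid,
                "client_ip": rec["client_ip"],  # None if smtpd line is outside the log window
                "sender": sender,
                "rcpt": rcpt,
                "status": status,
                # Neither end is local: the pattern an open relay would show.
                "third_party": bool(sender) and domain_of(sender) not in local_domains,
            })
    return hits


if __name__ == "__main__":
    for hit in relay_attempts(correlate(SAMPLE_LOG)):
        print(hit)
```

On the sample, the local delivery to openstack@magedu.com is skipped and the two deferred messages to outside domains are reported together with the client address that submitted them.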
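Install and configure the POP3 server:
[root@mail postfix]# cd(change to the user's home directory)
[root@mail ~]# yum install dovecot(install the dovecot package from the yum repository)
[root@mail ~]# vim /etc/dovecot.conf(edit the dovecot.conf configuration file)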

protocols = imap pop3

/protocols 
[root@mail ~]# service dovecot start
Starting Dovecot Imap:                                     [  OK  ]
[root@mail ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3525/./hpiod        
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      10780/php-fpm       
tcp        0      0 0.0.0.0:879                 0.0.0.0:*                   LISTEN      3241/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3202/portmap        
tcp        0      0 172.16.100.1:53             0.0.0.0:*                   LISTEN      1030/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      1030/named          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3557/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3569/cupsd          
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      2108/master         
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      1030/named          
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      2362/sshd           
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      2393/sshd           
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3530/python         
tcp        0      0 :::3306                     :::*                        LISTEN      3725/mysqld         
tcp        0      0 :::110                      :::*                        LISTEN      2551/dovecot        
tcp        0      0 :::143                      :::*                        LISTEN      2551/dovecot        
tcp        0      0 :::80                       :::*                        LISTEN      6432/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      3557/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      1030/named          
tcp        0      0 ::1:6010                    :::*                        LISTEN      2362/sshd           
tcp        0      0 ::1:6011                    :::*                        LISTEN      2393/sshd         
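Note: listeners on ports 110 and 143 show that dovecot has started.

Test: receive mail using Outlook Express on Windows XP as the client.

Choose Create Mail, enter openstack@magedu.com as the recipient, fill in the subject and body, and click Send.

[root@mail ~]# tail /var/log/maillog(show the last 10 lines of the maillog file)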
Oct  1 22:51:09 localhost postfix/smtp[2615]: 0D6B6BEEE3: to=<obama@aol.com>, relay=none, delay=4535, delays=4534/0.02/0.4/0, dsn=4.4.3,
 status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again)
Oct  1 22:56:12 localhost postfix/smtpd[2626]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 22:56:12 localhost postfix/smtpd[2626]: connect from unknown[172.16.100.66]
Oct  1 22:56:12 localhost postfix/smtpd[2626]: 15B73BEEEE: client=unknown[172.16.100.66]
Oct  1 22:56:12 localhost postfix/cleanup[2629]: 15B73BEEEE: message-id=<BB947CDECFFE48408524FA48ACF584FD@L2ONFSGJ0XI6NYT>
Oct  1 22:56:12 localhost postfix/qmgr[2109]: 15B73BEEEE: from=<hadoop@magedu.com>, size=1434, nrcpt=1 (queue active)
Oct  1 22:56:12 localhost postfix/local[2630]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 22:56:12 localhost postfix/smtpd[2626]: disconnect from unknown[172.16.100.66]
Oct  1 22:56:12 localhost postfix/local[2630]: 15B73BEEEE: to=<openstack@magedu.com>, relay=local, delay=0.06, delays=0.05/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)(status is sent; the message has been delivered to the mailbox)
Oct  1 22:56:12 localhost postfix/qmgr[2109]: 15B73BEEEE: removed
Have openstack receive mail:
[root@mail ~]# passwd openstack(set a password for the openstack user)
Changing password for user openstack.
New UNIX password: 
Retype new UNIX password: 
passwd: all authentication tokens updated successfully.
[root@mail ~]# telnet mail.magedu.com 110
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
+OK Dovecot ready.(dovecot is ready)
USER openstack(the user openstack)
+OK
PASS openstack(the password)
+OK Logged in.
LIST(list the messages)
+OK 1 messages:
1 1541
.
RETR 1(retrieve the first message)
+OK 1541 octets
Return-Path: <hadoop@magedu.com>
X-Original-To: openstack@magedu.com
Delivered-To: openstack@magedu.com
Received: from L2ONFSGJ0XI6NYT (unknown [172.16.100.66])
	by mail.magedu.com (Postfix) with SMTP id 15B73BEEEE
	for <openstack@magedu.com>; Thu,  1 Oct 2015 22:56:12 +0800 (CST)
Message-ID: <BB947CDECFFE48408524FA48ACF584FD@L2ONFSGJ0XI6NYT>
From: "Hadoop" <hadoop@magedu.com>
To: <openstack@magedu.com>
Subject: FROM OE
Date: Wed, 28 Oct 2015 10:38:20 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_001D_01D1116C.C3877670"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5994

This is a multi-part message in MIME format.

------=_NextPart_000_001D_01D1116C.C3877670
Content-Type: text/plain;
	charset="gb2312"
Content-Transfer-Encoding: base64

SG93IGFyZSB5YT8=

------=_NextPart_000_001D_01D1116C.C3877670
Content-Type: text/html;
	charset="gb2312"
Content-Transfer-Encoding: base64

PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv
L0VOIj4NCjxIVE1MPjxIRUFEPg0KPE1FVEEgY29udGVudD0idGV4dC9odG1sOyBjaGFyc2V0PWdi
MjMxMiIgaHR0cC1lcXVpdj1Db250ZW50LVR5cGU+DQo8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250
ZW50PSJNU0hUTUwgOC4wMC42MDAxLjE4NzAyIj4NCjxTVFlMRT48L1NUWUxFPg0KPC9IRUFEPg0K
PEJPRFkgYmdDb2xvcj0jZmZmZmZmPg0KPERJVj48Rk9OVCBzaXplPTI+SG93IGFyZSB5YT88L0ZP
TlQ+PC9ESVY+PC9CT0RZPjwvSFRNTD4NCg==

------=_NextPart_000_001D_01D1116C.C3877670--

.
quit(exit)
+OK Logging out.
Connection closed by foreign host.

[root@mail ~]# telnet 172.16.100.1 25(connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com(send a HELO greeting to mail.magedu.com over SMTP)
250 mail.magedu.com
mail from:obama@aol.com(sender)
250 2.1.0 Ok
rcpt to:hadoop@magedu.com(recipient)
250 2.1.5 Ok
data(message body)
354 End data with <CR><LF>.<CR><LF>
Subject:Hello, I an obama(subject)
Da dao jinsanpang.(body)
.(send)
250 2.0.0 Ok: queued as D6659BEEEE
quit(exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# tail /var/log/maillog 
Oct  1 23:10:14 localhost postfix/smtpd[2662]: connect from ns.magedu.com[172.16.100.1]
Oct  1 23:10:43 localhost postfix/smtpd[2662]: D6659BEEEE: client=ns.magedu.com[172.16.100.1]
Oct  1 23:11:09 localhost postfix/qmgr[2109]: DE677BEEDA: from=<abc@abc.com>, size=318, nrcpt=1 (queue active)
Oct  1 23:11:09 localhost postfix/smtp[2668]: DE677BEEDA: to=<obama@whitehouse.com>, relay=none, delay=9326, delays=9326/0.01/0.54/0, 
dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=whitehouse.com type=MX: Host not found, try again)
Oct  1 23:11:32 localhost postfix/cleanup[2667]: D6659BEEEE: message-id=<20151001151043.D6659BEEEE@mail.magedu.com>
Oct  1 23:11:32 localhost postfix/qmgr[2109]: D6659BEEEE: from=<obama@aol.com>, size=355, nrcpt=1 (queue active)
Oct  1 23:11:32 localhost postfix/local[2670]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  1 23:11:32 localhost postfix/local[2670]: D6659BEEEE: to=<hadoop@magedu.com>, relay=local, delay=57, delays=57/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)(the message has been delivered to the mailbox)
Oct  1 23:11:32 localhost postfix/qmgr[2109]: D6659BEEEE: removed
Oct  1 23:11:34 localhost postfix/smtpd[2662]: disconnect from ns.magedu.com[172.16.100.1]

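Test: receive mail with Outlook Express on Windows XP.

Click Receive All, then open the Inbox.

Combining Postfix with SASL for user authentication:

[root@mail ~]# vim /etc/sysconfig/saslauthd(edit the saslauthd configuration file)

MECH=pam(which authentication mechanism to use)

[root@mail ~]# saslauthd -v(show which authentication mechanisms saslauthd supports)
saslauthd 2.1.22
authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap(the supported authentication mechanisms)
[root@mail ~]# vim /etc/sysconfig/saslauthd(edit the saslauthd configuration file)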

#MECH=pam
MECH=shadow(look up accounts and passwords in /etc/passwd and /etc/shadow)

[root@mail ~]# service saslauthd status(check the status of the saslauthd service)
saslauthd is stopped
[root@mail ~]# service saslauthd start(start the saslauthd service)
Starting saslauthd:                                        [  OK  ]
[root@mail ~]# chkconfig saslauthd on(start the saslauthd service automatically at the corresponding runlevels)
[root@mail ~]# testsaslauthd -h(show the testsaslauthd help text)
testsaslauthd: invalid option -- h
testsaslauthd: usage: testsaslauthd -u username(user name) -p password(password)
              [-r realm] [-s servicename]
              [-f socket path] [-R repeatnum]
[root@mail ~]# testsaslauthd -u openstack -p openstack(test the saslauthd service as the user openstack)
0: OK "Success."
[root@mail ~]# postconf -a(check whether postfix supports SASL authentication; -a checks the server-side capability)
cyrus(SASL is supported)
dovecot
[root@mail ~]# postconf -m(list the supported lookup table storage formats)
btree
cidr
environ
fail
hash
internal
memcache
mysql
nis
pcre
proxy
regexp
socketmap
static
tcp
texthash
unix
[root@mail ~]# vim /etc/postfix/access(edit the access configuration file)

172.16.100.66   REJECT

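Note: this rejects mail sent from 172.16.100.66; anything not listed is allowed, so access acts as a blacklist file.
[root@mail ~]# postmap /etc/postfix/access(convert the access file into a hash-format file)
[root@mail ~]# ls /etc/postfix/(list the files and subdirectories in /etc/postfix)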
access     aliases            canonical  header_checks  main.cf          makedefs.out  relocated    transport
access.db  bounce.cf.default  generic    LICENSE        main.cf.default  master.cf     TLS_LICENSE  virtual
Note: access.db is the generated hash file.
[root@mail ~]# vim /etc/postfix/main.cf(edit the main Postfix configuration file)

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

/smtpd

[root@mail ~]# postconf -n(show the options that have been changed in main.cf, the main Postfix configuration file)
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, $mydomain, localhost, ns.$mydomain
mydomain = magedu.com
myhostname = mail.magedu.com
mynetworks = 172.16.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
unknown_local_recipient_reject_code = 550
[root@mail ~]# service postfix restart(restart postfix)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

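Test: send mail with Outlook Express on Windows XP.

Click Create Mail and fill in the recipient, subject and body.

Click Send; the message is rejected immediately with server error 544 (a permanent error).

[root@mail ~]# vim /etc/postfix/access(edit the access configuration file)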

whitehouse.com REJECT(reject every user in the whitehouse.com domain)

[root@mail ~]# postmap /etc/postfix/access(convert the access file into binary format)
[root@mail ~]# vim /etc/postfix/main.cf(edit main.cf, the main Postfix configuration file)

#smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access

[root@mail ~]# service postfix restart(restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

Test: send mail with Outlook Express on Windows XP.

Click Send All; the earlier message now goes out. Click Sent Items to view it.

[root@mail ~]# telnet 172.16.100.1 25(connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com(send a HELO greeting to mail.magedu.com over SMTP)
250 mail.magedu.com
mail from:obama@whitehouse.com(sender)
250 2.1.0 Ok
rcpt to:openstack@magedu.com(recipient)
554 5.7.1 <obama@whitehouse.com>: Sender address rejected: Access denied(rejected)
quit(exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# vim /etc/postfix/recipient

openstack@      REJECT(do not allow mail to be sent to the openstack user)

[root@mail ~]# postmap /etc/postfix/recipient(convert the recipient file into binary format)
[root@mail ~]# ls /etc/postfix/(list the files and subdirectories in /etc/postfix)
access     aliases            canonical  header_checks  main.cf          makedefs.out  recipient     relocated    transport
access.db  bounce.cf.default  generic    LICENSE        main.cf.default  master.cf     recipient.db  TLS_LICENSE  virtual
[root@mail ~]# vim /etc/postfix/main.cf(edit main.cf, the main Postfix configuration file)

#smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient
(permit_mynetworks, reject_unauth_destination are the defaults and must be written out)
[root@mail ~]# service postfix restart(restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

Test: send mail with Outlook Express on Windows XP.

Click Create Mail, fill in the recipient, subject and body, and click Send.

[root@mail ~]# tail /var/log/maillog(show the last 10 lines of the maillog file)
Oct  2 05:32:11 localhost postfix/smtp[5406]: 5FFB0BEEC7: to=<a@a.org>, relay=none, delay=56841, delays=56840/0.01/0.8/0, dsn=4.4.3, 
status=deferred (Host or domain name not found. Name service error for name=a.org type=MX: Host not found, try again)
Oct  2 05:36:01 localhost postfix/smtpd[5415]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  2 05:36:01 localhost postfix/smtpd[5415]: connect from unknown[172.16.100.66]
Oct  2 05:36:01 localhost postfix/smtpd[5415]: C9B37BEE48: client=unknown[172.16.100.66]
Oct  2 05:36:01 localhost postfix/cleanup[5418]: C9B37BEE48: message-id=<D92D5873D089460EBF0C6D1AF1D9F70C@L2ONFSGJ0XI6NYT>
Oct  2 05:36:01 localhost postfix/qmgr[5402]: C9B37BEE48: from=<hadoop@magedu.com>, size=1400, nrcpt=1 (queue active)
Oct  2 05:36:01 localhost postfix/smtpd[5415]: disconnect from unknown[172.16.100.66]
Oct  2 05:36:01 localhost postfix/local[5419]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  2 05:36:01 localhost postfix/local[5419]: C9B37BEE48: to=<root@magedu.com>, relay=local, delay=0.06, delays=0.05/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)(status is sent, delivered to mailbox)
Oct  2 05:36:01 localhost postfix/qmgr[5402]: C9B37BEE48: removed

Create a message, fill in the recipient, subject and body, and click Send.

[root@mail ~]# tail /var/log/maillog(show the last 10 lines of the maillog file)
Oct  2 05:36:01 localhost postfix/qmgr[5402]: C9B37BEE48: removed
Oct  2 05:38:05 localhost postfix/smtpd[5425]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  2 05:38:05 localhost postfix/smtpd[5425]: connect from unknown[172.16.100.66]
Oct  2 05:38:05 localhost postfix/smtpd[5425]: 28D14BEE48: client=unknown[172.16.100.66]
Oct  2 05:38:05 localhost postfix/cleanup[5428]: 28D14BEE48: message-id=<F84995371C554FC3A60C6AE02594140C@L2ONFSGJ0XI6NYT>
Oct  2 05:38:05 localhost postfix/qmgr[5402]: 28D14BEE48: from=<hadoop@magedu.com>, size=1449, nrcpt=1 (queue active)
Oct  2 05:38:05 localhost postfix/smtpd[5425]: disconnect from unknown[172.16.100.66]
Oct  2 05:38:05 localhost postfix/local[5429]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  2 05:38:05 localhost postfix/local[5429]: 28D14BEE48: to=<openstack@magedu.com>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  2 05:38:05 localhost postfix/qmgr[5402]: 28D14BEE48: removed(status is sent; the message was delivered successfully)
[root@mail ~]# su - openstack(switch to the openstack user)
[openstack@mail ~]$ mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/openstack": 3 messages 2 new
    1 hadoop@magedu.com     Thu Oct  1 22:56  47/1653  "FROM OE"
>N  2 hadoop@magedu.com     Fri Oct  2 02:11  44/1541  "fdsafda"
 N  3 hadoop@magedu.com     Fri Oct  2 05:38  44/1564  "RECIPIENT TEST"
& quit
Held 3 messages in /var/spool/mail/openstack
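Note: the message was still delivered, which is not the intended result; something is wrong.
[openstack@mail ~]$ exit(log out of the current user)
[root@mail ~]# vim /etc/postfix/main.cf(edit main.cf, the main Postfix configuration file)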

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_recipient_access hash:/etc/postfix/recipient

[root@mail ~]# vim /etc/postfix/recipient (edit the recipient file)

openstack@      REJECT

[root@mail ~]# vim /etc/postfix/main.cf (edit the main.cf configuration file)

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient, permit_mynetworks, reject_unauth_destination (move check_recipient_access hash:/etc/postfix/recipient to the front so that it is evaluated before permit_mynetworks)

[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix
helo mail.magedu.com (send HELO to mail.magedu.com)
250 mail.magedu.com
mail from:root@magedu.com
250 2.1.0 Ok
rcpt to:openstack@magedu.com
554 5.7.1 <openstack@magedu.com>: Recipient address rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.

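Create a message, fill in the recipient, subject and body, then click Send.

It now behaves as intended: mail to the recipient openstack@ is rejected.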
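Why the reordering above changes the outcome, as an added Python sketch (not Postfix code and not from the original notes): it models only the restrictions used on this page and walks the list in order until one of them decides. The 172.16.0.0/16 entry in MYNETWORKS is an assumption made so that the Outlook Express client 172.16.100.66 counts as a trusted network, and 203.0.113.9 in the test is a constructed outside address.

```python
"""Simplified model of first-match evaluation of smtpd_recipient_restrictions.

Added illustration, not Postfix code; only the restrictions used on this page exist here.
"""
import ipaddress

# Assumed for the demo: the Outlook Express client 172.16.100.66 is inside mynetworks.
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "172.16.0.0/16")]
# mydestination from this page, with $myhostname and $mydomain expanded.
LOCAL_DOMAINS = {"mail.magedu.com", "magedu.com", "localhost", "ns.magedu.com"}
# /etc/postfix/recipient as edited above.
RECIPIENT_TABLE = {"openstack@": "REJECT"}


def parse(value):
    """Split a main.cf restriction list on commas; 'name type:table' stays together."""
    return [item.strip() for item in value.split(",") if item.strip()]


def lookup_recipient(table, rcpt):
    """access(5) search order for an address: user@domain, then domain, then user@."""
    local, _, domain = rcpt.lower().rpartition("@")
    for key in (f"{local}@{domain}", domain, f"{local}@"):
        if key in table:
            return table[key]
    return None


def evaluate(restrictions, client_ip, rcpt, authenticated=False):
    """Walk the list in order; the first restriction that decides ends the walk."""
    ip = ipaddress.ip_address(client_ip)
    domain = rcpt.lower().rpartition("@")[2]
    for name in restrictions:
        if name == "permit_mynetworks":
            if any(ip in net for net in MYNETWORKS):
                return "PERMIT", name
        elif name == "permit_sasl_authenticated":
            if authenticated:
                return "PERMIT", name
        elif name == "reject_unauth_destination":
            if domain not in LOCAL_DOMAINS:
                return "REJECT: Relay access denied", name
        elif name.startswith("check_recipient_access "):
            action = lookup_recipient(RECIPIENT_TABLE, rcpt)
            if action == "REJECT":
                return "REJECT: Access denied", name
            if action == "OK":
                return "PERMIT", name
        else:
            raise ValueError(f"restriction not modelled: {name}")
    return "PERMIT", "end of list"


BEFORE = parse("permit_mynetworks, reject_unauth_destination, "
               "check_recipient_access hash:/etc/postfix/recipient")
AFTER = parse("check_recipient_access hash:/etc/postfix/recipient, "
              "permit_mynetworks, reject_unauth_destination")

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, evaluate(rules, "172.16.100.66", "openstack@magedu.com"))
```

With the check placed first, an `OK` entry in the table would permit a recipient before `reject_unauth_destination` is reached, so a table used in that position should hold only REJECT entries.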

Using mail aliases:

[root@mail ~]# vim /etc/aliases (edit the aliases file)

a:              hadoop
tomcat:         hadoop

Note: mail addressed to the users a and tomcat is redirected to the user hadoop.
[root@mail ~]# newaliases (generate the new alias database)
[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

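Test: send mail from Outlook Express on Windows XP.

Click Create Mail, fill in the recipient, subject and body, then click Send.

Click Receive All, then open the Inbox: the message sent to the user tomcat has arrived.

[root@mail ~]# su - tomcat (switch to the tomcat user)
[tomcat@mail ~]$ mail (read mail)
No mail for tomcat
Note: tomcat no longer receives its own mail; all of it is redirected to the user hadoop.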

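Click Create Mail, fill in the recipient, subject and body, then click Send.

Click Receive All, then open the Inbox: the message sent to the user a has arrived.

Enabling SASL: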

[tomcat@mail ~]$ !tel
telnet 172.16.100.1 25
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 mail.magedu.com ESMTP Postfix (greeting, i.e. the banner)
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# vim /etc/postfix/main.cf (edit the main Postfix configuration file, main.cf)

############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

Note: paste this block at the end of main.cf.

[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf (edit the smtpd.conf file)

pwcheck_method: saslauthd
mech_list: LOGIN PLAIN

[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@mail ~]# vim /etc/postfix/main.cf (edit the main Postfix configuration file, main.cf)

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8

/mynetworks
Note: relay only for the local host.
[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@mail ~]# telnet 172.16.100.1 25
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available! (the banner defined above)
ehlo mial.magedu.com
250-mail.magedu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN (the two LOGIN PLAIN lines show that authentication is now supported)
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied (relaying is not allowed)
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
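[root@mail ~]# echo "hadoop" | openssl base64 (print hadoop and pipe it to openssl to get its base64 encoding)
aGFkb29wCg==
Note: this value does not work, because echo prints a trailing newline by default.
[root@mail ~]# echo -n "hadoop" | openssl base64 (print hadoop and pipe it to openssl to get its base64 encoding; -n suppresses the newline)
aGFkb29w
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)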
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
ehlo mail.magedu.com (send EHLO to the server, using ESMTP)
250-mail.magedu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name, base64-encoded)
334 UGFzc3dvcmQ6
aGFkb29w (password, base64-encoded)
235 2.7.0 Authentication successful (authentication succeeded)
mail from:root@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied (relaying refused)
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name hadoop)
334 UGFzc3dvcmQ6
aGFkb29w (password hadoop)
235 2.7.0 Authentication successful
rcpt to:hello@aol.com (recipient)
503 5.5.1 Error: need MAIL command
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied (relaying refused)
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name)
334 UGFzc3dvcmQ6
aGFkb29w (password)
235 2.7.0 Authentication successful
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hadoop@magedu.com (recipient)
250 2.1.5 Ok
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
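The EHLO replies and AUTH LOGIN exchanges above happen on plain port 25, and the base64 lines are an encoding, not protection. The following added Python check (not part of the original notes) parses the EHLO reply shown above and reports when LOGIN or PLAIN is offered with no STARTTLS; the function names are hypothetical.

```python
"""Audit an EHLO reply for password mechanisms offered on an unencrypted session."""
import base64

# Constructed sample: the EHLO reply shown in the telnet sessions above.
EHLO_REPLY = """\
250-mail.magedu.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# LOGIN and PLAIN carry the password base64-encoded, which is an encoding, not encryption.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}


def parse_ehlo(reply):
    """Return {KEYWORD: [PARAMS]} for a multi-line 250 reply; line 1 is the greeting."""
    caps = {}
    lines = [line.strip() for line in reply.splitlines() if line.strip()]
    for line in lines[1:]:
        if not (line.startswith("250") and line[3:4] in ("-", " ")):
            raise ValueError(f"unexpected reply line: {line!r}")
        text = line[4:]
        # 'AUTH=LOGIN PLAIN' is the legacy spelling added by broken_sasl_auth_clients.
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if not words:
            continue
        params = caps.setdefault(words[0], [])
        params.extend(w for w in words[1:] if w not in params)
    return caps


def audit(caps, tls_active=False):
    """Findings for a reply captured before (tls_active=False) or after STARTTLS."""
    findings = []
    weak = sorted(CLEARTEXT_MECHS & set(caps.get("AUTH", [])))
    if weak and not tls_active:
        findings.append("AUTH " + " ".join(weak) + " offered without TLS")
    if not tls_active and "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    return findings


def decode_token(token):
    """Decode one base64 line of an AUTH LOGIN exchange, rejecting malformed input."""
    return base64.b64decode(token, validate=True).decode("utf-8")


if __name__ == "__main__":
    for finding in audit(parse_ehlo(EHLO_REPLY)):
        print("finding:", finding)
    for token in ("VXNlcm5hbWU6", "UGFzc3dvcmQ6", "aGFkb29wCg=="):
        print(token, "->", repr(decode_token(token)))
```

On Postfix, `smtpd_tls_auth_only = yes` withholds AUTH until STARTTLS has completed, which requires TLS to be configured on the server first.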
[root@mail ~]# vim /etc/postfix/main.cf (edit the main Postfix configuration file, main.cf)

#smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
#smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access
#smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient, permit_mynetworks, reject_unauth_destination 

/smtpd

[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hadoop@magedu.com (recipient)
250 2.1.5 Ok
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied (relaying refused)
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to mail.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name)
334 UGFzc3dvcmQ6
aGFkb29w (password)
235 2.7.0 Authentication successful
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# vim /etc/postfix/main.cf (edit the main Postfix configuration file, main.cf)

############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

[root@mail ~]# tail /var/log/maillog (view the last 10 lines of the maillog log file)
Oct  2 08:05:14 localhost postfix/smtpd[6524]: NOQUEUE: reject: RCPT from ns.magedu.com[172.16.100.1]: 554 5.7.1 <hello@aol.com>: Relay access denied; from=<hadoop@magedu.com> to=<hello@aol.com> proto=SMTP
Oct  2 08:06:28 localhost postfix/qmgr[6436]: 0D6B6BEEE3: from=<hadoop@magedu.com>, size=1414, nrcpt=1 (queue active)
Oct  2 08:06:28 localhost postfix/smtp[6544]: 0D6B6BEEE3: to=<obama@aol.com>, relay=none, delay=37854, delays=37853/0.01/0.82/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again)
Oct  2 08:08:02 localhost postfix/smtpd[6524]: disconnect from ns.magedu.com[172.16.100.1]
Oct  2 08:08:15 localhost postfix/smtpd[6524]: connect from ns.magedu.com[172.16.100.1]
Oct  2 08:08:49 localhost postfix/anvil[6526]: statistics: max connection rate 1/60s for (smtp:172.16.100.1) at Oct  2 07:58:49
Oct  2 08:08:49 localhost postfix/anvil[6526]: statistics: max connection count 1 for (smtp:172.16.100.1) at Oct  2 07:58:49
Oct  2 08:08:49 localhost postfix/anvil[6526]: statistics: max cache size 1 at Oct  2 07:58:49
Oct  2 08:08:56 localhost postfix/smtpd[6524]: NOQUEUE: reject: RCPT from ns.magedu.com[172.16.100.1]: 554 5.7.1 <hello@aol.com>: Relay access denied; from=<hadoop@magedu.com> to=<hello@aol.com> proto=SMTP
Oct  2 08:09:02 localhost postfix/smtpd[6524]: disconnect from ns.magedu.com[172.16.100.1]

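Test: send mail from Outlook Express on Windows XP.

Click Create Mail and fill in the recipient, subject and body.

Relaying is refused.

Click Tools -- Accounts -- Properties -- Servers, select "My server requires authentication", then click Settings -- "Use same settings as my incoming mail server".

Click Send and Receive All.

[root@mail ~]# getenforce (check the SELinux status)
Permissive
[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf (edit the smtpd.conf configuration file)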

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

[root@mail ~]# vim /etc/postfix/main.cf (edit the main.cf configuration file)

############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to ns.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name)
334 UGFzc3dvcmQ6
aGFkb29w (password)
235 2.7.0 Authentication successful
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied (relaying refused)
rcpt to:

mynetworks

127.0.0.0/8

SASL authentication:

postfix:
  smtpd_client

[root@mail postfix-2.10.0]# testsaslauthd -u hadoop -p hadoop (test SASL authentication for the user hadoop)
0: OK "Success."
[root@mail postfix-2.10.0]# postconf -n (show the Postfix parameters that have been changed in main.cf)
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, $mydomain, localhost, ns.$mydomain
mydomain = magedu.com
myhostname = mail.magedu.com
mynetworks = 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
[root@mail postfix-2.10.0]# cd (change to the user's home directory)
[root@mail ~]# vim /etc/postfix/main.cf (edit the main Postfix configuration file, main.cf)

############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
#smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

[root@mail ~]# service postfix restart (restart the postfix service)
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

Test: run Send and Receive All from Outlook Express on Windows XP.

[root@mail ~]# vim /usr/lib/sasl2/smtpd.conf (edit the smtpd.conf configuration file)

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

[root@mail ~]# service saslauthd restart (restart the saslauthd service)
Stopping saslauthd:                                        [  OK  ]
Starting saslauthd:                                        [  OK  ]

Test: run Send and Receive All from Outlook Express on Windows XP; it still fails.

[root@mail ~]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to ns.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name)
334 UGFzc3dvcmQ6
aGFkb29w (password)
235 2.7.0 Authentication successful
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
554 5.7.1 <hello@aol.com>: Relay access denied (relaying refused)
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail ~]# service postfix stop (stop the postfix service)
Shutting down postfix:                                     [  OK  ]
Replace Postfix with version 2.9.6.
[root@mail ~]# ls (list the files and subdirectories in the current directory)
anaconda-ks.cfg         httpd-2.4.4.tar.bz2                   mhash-0.9.2-6.el5.i386.rpm               postfix-2.10.0
apr-1.4.6               install.log                           mhash-devel-0.9.2-6.el5.i386.rpm         postfix-2.10.0.tar.gz
apr-1.4.6.tar.bz2       install.log.syslog                    mysql-5.6.10-linux-glibc2.5-i686.tar.gz  postfix-2.9.6.tar.gz
apr-util-1.4.1          libmcrypt-2.5.7-5.el5.i386.rpm        php-5.4.13                               xcache-3.0.1
apr-util-1.4.1.tar.bz2  libmcrypt-devel-2.5.7-5.el5.i386.rpm  php-5.4.13.tar.bz2                       xcache-3.0.1.tar.bz2
httpd-2.4.4             mbox                                  phpMyAdmin-3.5.1-all-languages.tar.bz2
Note: postfix-2.9.6 has been downloaded.
[root@mail ~]# rm -rf /etc/postfix/ (delete the /etc/postfix directory; -r recursive, -f force)
[root@mail ~]# tar xf postfix-2.9.6.tar.gz (unpack postfix-2.9.6; x extracts, f is followed by the file name)
[root@mail ~]# cd postfix-2.9.6 (change into the postfix-2.9.6 directory)
[root@mail postfix-2.9.6]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl  -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2  -lssl -lcrypto' (configure the Postfix build)
[root@mail postfix-2.9.6]# make (compile)
[root@mail postfix-2.9.6]# make install (install)
Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/] 

Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/root/postfix-2.9.6] 

Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix] 

Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin] 

Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix] 

Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix] 

Please specify the destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no] 

Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix] 

Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq] 

Please specify the destination directory for the Postfix on-line manual
pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man] 

Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases] 

Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix] 

Please specify the destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no] 

Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail] 

Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop] 

Note: accept the default for every prompt.
[root@mail postfix-2.9.6]# vim /etc/postfix/main.cf (edit the main Postfix configuration file, main.cf)

#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = mail.magedu.com

mydomain = magedu.com

#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain

#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain
mydestination = $myhostname, $mydomain, localhost, ns.$mydomain

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 127.0.0.0/8

############################CYRUS-SASL############################
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_invalid_hostname,reject_non_fqdn_hostname,reject_unknown_sender_domain,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_pipelining,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = smtpd
smtpd_banner = Welcome to our $myhostname ESMTP,Warning: Version not Available!

/myhostname
/mynetworks   
:$

[root@mail postfix-2.9.6]# service postfix start (start the postfix service)
Starting postfix:                                          [  OK  ]
[root@mail postfix-2.9.6]# netstat -tnlp (list listening services: -t TCP, -n numeric output, -l listening ports, -p show the program name)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3525/./hpiod        
tcp        0      0 127.0.0.1:9000              0.0.0.0:*                   LISTEN      10780/php-fpm       
tcp        0      0 0.0.0.0:879                 0.0.0.0:*                   LISTEN      3241/rpc.statd      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      3202/portmap        
tcp        0      0 172.16.100.1:53             0.0.0.0:*                   LISTEN      1030/named          
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      1030/named          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      3557/sshd           
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3569/cupsd          
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      12172/master        
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      1030/named          
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      6806/sshd           
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      7111/sshd           
tcp        0      0 127.0.0.1:6012              0.0.0.0:*                   LISTEN      7329/sshd           
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3530/python         
tcp        0      0 :::3306                     :::*                        LISTEN      3725/mysqld         
tcp        0      0 :::110                      :::*                        LISTEN      2551/dovecot        
tcp        0      0 :::143                      :::*                        LISTEN      2551/dovecot        
tcp        0      0 :::80                       :::*                        LISTEN      6432/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      3557/sshd           
tcp        0      0 ::1:953                     :::*                        LISTEN      1030/named          
tcp        0      0 ::1:6010                    :::*                        LISTEN      6806/sshd           
tcp        0      0 ::1:6011                    :::*                        LISTEN      7111/sshd           
tcp        0      0 ::1:6012                    :::*                        LISTEN      7329/sshd         
[root@mail postfix-2.9.6]# telnet 172.16.100.1 25 (connect to port 25 on 172.16.100.1)
Trying 172.16.100.1...
Connected to ns.magedu.com (172.16.100.1).
Escape character is '^]'.
220 Welcome to our mail.magedu.com ESMTP,Warning: Version not Available!
auth login (authenticate with AUTH LOGIN)
334 VXNlcm5hbWU6
aGFkb29w (user name)
334 UGFzc3dvcmQ6
aGFkb29w (password)
235 2.7.0 Authentication successful
mail from:hadoop@magedu.com (sender)
250 2.1.0 Ok
rcpt to:hello@aol.com (recipient)
250 2.1.5 Ok
data (message content)
354 End data with <CR><LF>.<CR><LF>
. (send)
250 2.0.0 Ok: queued as 57A0DBEE45
quit (exit)
221 2.0.0 Bye
Connection closed by foreign host.
[root@mail postfix-2.9.6]# tail /var/log/maillog (view the last 10 lines of the maillog log file)
Oct  2 11:38:14 localhost postfix/master[14693]: terminating on signal 15
Oct  2 11:38:14 localhost postfix/postfix-script[14787]: starting the Postfix mail system
Oct  2 11:38:14 localhost postfix/master[14788]: daemon started -- version 2.9.6, configuration /etc/postfix
Oct  2 11:38:20 localhost postfix/smtpd[14793]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Oct  2 11:38:20 localhost postfix/smtpd[14793]: connect from mail.magedu.com[172.16.100.1]
Oct  2 11:39:24 localhost postfix/smtpd[14793]: 57A0DBEE45: client=mail.magedu.com[172.16.100.1], sasl_method=login, sasl_username=hadoop@mail.magedu.com
Oct  2 11:39:36 localhost postfix/cleanup[14799]: 57A0DBEE45: message-id=<20151002033924.57A0DBEE45@mail.magedu.com>
Oct  2 11:39:36 localhost postfix/qmgr[14790]: 57A0DBEE45: from=<hadoop@magedu.com>, size=308, nrcpt=1 (queue active)
Oct  2 11:39:36 localhost postfix/smtp[14800]: 57A0DBEE45: to=<hello@aol.com>, relay=none, delay=20, delays=19/0.01/0.7/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again) (status is deferred, i.e. postponed; the submission succeeded)
Oct  2 11:39:37 localhost postfix/smtpd[14793]: disconnect from mail.magedu.com[172.16.100.1]

Test: run Send and Receive All from Outlook Express on Windows XP; sending succeeds.
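Once SASL relaying works, the maillog is where an operator sees which account relayed what. The following added Python example (not part of the original notes) correlates log lines by queue ID to list deliveries to non-local domains with the client and SASL user that submitted them, and counts refused relay attempts per client. The sample lines are rebuilt from the excerpts on this page with wrapped lines rejoined; the function and field names are hypothetical.

```python
"""Correlate Postfix maillog lines by queue ID to see who relayed mail off-host."""
import re
from collections import Counter, defaultdict

# Sample lines rebuilt from the log excerpts on this page (wrapped lines rejoined).
SAMPLE_LOG = """\
Oct  2 05:38:05 localhost postfix/smtpd[5425]: 28D14BEE48: client=unknown[172.16.100.66]
Oct  2 05:38:05 localhost postfix/local[5429]: 28D14BEE48: to=<openstack@magedu.com>, relay=local, delay=0.06, delays=0.05/0/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Oct  2 08:05:14 localhost postfix/smtpd[6524]: NOQUEUE: reject: RCPT from ns.magedu.com[172.16.100.1]: 554 5.7.1 <hello@aol.com>: Relay access denied; from=<hadoop@magedu.com> to=<hello@aol.com> proto=SMTP
Oct  2 08:06:28 localhost postfix/smtp[6544]: 0D6B6BEEE3: to=<obama@aol.com>, relay=none, delay=37854, delays=37853/0.01/0.82/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again)
Oct  2 08:08:56 localhost postfix/smtpd[6524]: NOQUEUE: reject: RCPT from ns.magedu.com[172.16.100.1]: 554 5.7.1 <hello@aol.com>: Relay access denied; from=<hadoop@magedu.com> to=<hello@aol.com> proto=SMTP
Oct  2 11:39:24 localhost postfix/smtpd[14793]: 57A0DBEE45: client=mail.magedu.com[172.16.100.1], sasl_method=login, sasl_username=hadoop@mail.magedu.com
Oct  2 11:39:36 localhost postfix/qmgr[14790]: 57A0DBEE45: from=<hadoop@magedu.com>, size=308, nrcpt=1 (queue active)
Oct  2 11:39:36 localhost postfix/smtp[14800]: 57A0DBEE45: to=<hello@aol.com>, relay=none, delay=20, delays=19/0.01/0.7/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=aol.com type=MX: Host not found, try again)
"""

# mydestination from the postconf -n output above, with variables expanded.
LOCAL_DOMAINS = {"mail.magedu.com", "magedu.com", "localhost", "ns.magedu.com"}

ENTRY = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+|NOQUEUE): (.*)$")
CLIENT = re.compile(r"client=[^\[]+\[([^\]]+)\](?:, sasl_method=[\w-]+, sasl_username=(\S+))?")
DELIVERY = re.compile(r"to=<([^>]*)>.*?status=(\w+)")
RELAY_DENIED = re.compile(r"reject: RCPT from [^\[]+\[([^\]]+)\]: 554 .*Relay access denied")


def analyse(log_text, local_domains=LOCAL_DOMAINS):
    """Return (relayed, denied): off-host deliveries with origin, and refusal counts."""
    origin = {}                      # queue ID -> (client IP, SASL user or None)
    deliveries = defaultdict(list)   # queue ID -> [(recipient, status)]
    denied = Counter()               # client IP -> relay attempts refused
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue                 # connect/disconnect/warning lines have no queue ID
        service, qid, rest = entry.groups()
        if qid == "NOQUEUE":
            hit = RELAY_DENIED.match(rest)
            if hit:
                denied[hit.group(1)] += 1
        elif service == "smtpd" and CLIENT.match(rest):
            origin[qid] = CLIENT.match(rest).groups()
        elif DELIVERY.match(rest):
            deliveries[qid].append(DELIVERY.match(rest).groups())
    relayed = []
    for qid, items in deliveries.items():
        ip, user = origin.get(qid, (None, None))   # None: accepted before this log window
        for rcpt, status in items:
            if rcpt.rpartition("@")[2].lower() not in local_domains:
                relayed.append({"qid": qid, "client": ip, "sasl_user": user,
                                "rcpt": rcpt, "status": status})
    return relayed, denied


if __name__ == "__main__":
    relayed, denied = analyse(SAMPLE_LOG)
    for row in relayed:
        print(row)
    print("relay refused:", dict(denied))
```

A relayed row whose `sasl_user` is empty but whose `client` is set was admitted by `permit_mynetworks` rather than by authentication, which is worth reviewing whenever `mynetworks` is wider than the local host.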