Mail service: Postfix + SASL + Dovecot
Environment:
DNS:192.168.200.100
mail:192.168.200.101
Bind service configuration
- Install the Bind package.
yum install -y bind
- Bind configuration file.
vim /etc/named.conf
options {
    listen-on port 53 { 192.168.200.100; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    // the remaining options in the file are left unchanged
};
- vim /etc/named.rfc1912.zones
zone "a.com" IN {
type master;
file "a.com.zone";
allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
type master;
file "200.168.192.arpa";
allow-update { none; };
};
- Bind forward zone file.
cd /var/named
cp -p named.localhost a.com.zone
vim a.com.zone
$TTL 1D
@ IN SOA a.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.a.com.
ns1 A 192.168.200.100
mail A 192.168.200.101
smtp A 192.168.200.101
pop3 A 192.168.200.101
@ MX 10 mail.a.com.
- Bind reverse zone file.
cp -p named.empty 200.168.192.arpa
vim 200.168.192.arpa
$TTL 3H
@ IN SOA a.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.a.com.
100 PTR ns1.a.com.
101 PTR mail.a.com.
101 PTR pop3.a.com.
101 PTR smtp.a.com.
- Check the syntax
named-checkconf /etc/named.conf
named-checkzone a.com /var/named/a.com.zone
named-checkzone 200.168.192.in-addr.arpa /var/named/200.168.192.arpa
- Start the Bind service.
systemctl restart named
systemctl enable named
ss -ntlu | grep 53
udp UNCONN 0 0 192.168.200.100:53 *:*
Postfix service configuration
- Change the mail server's DNS to 192.168.200.100
vim /etc/sysconfig/network-scripts/ifcfg-ens32
DNS1=192.168.200.100
- Change the mail server's hostname to mail.a.com
hostname mail.a.com
vim /etc/hostname
mail.a.com
- Install the postfix package (installed by default on CentOS 7)
yum install -y postfix
- Set the hostname and domain name of the mail host that runs the postfix service.
vim /etc/postfix/main.cf
myhostname = mail.a.com
mydomain = a.com
- Domain name used for mail sent from this host (the part after the @)
myorigin = $mydomain
or:
myorigin = a.com
- Set the IP address that postfix listens on
inet_interfaces = all
or:
inet_interfaces = 192.168.200.101
- Set the domains whose mail is delivered locally
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
- Set which networks' mail may be relayed
mynetworks_style = subnet
- Set which domains' mail may be relayed
relay_domains = $mydestination
or:
relay_domains = a.com
- Set the mail storage location and size limits (in bytes; 0 means unlimited)
home_mailbox = Maildir/
# 10 MB, maximum message size (limits attachment size)
message_size_limit = 10485760
# 1 GB, mailbox size
mailbox_size_limit = 1073741824
- Configure mail user aliases, used for mail forwarding
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
- Append to the end of the file:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
- Create the users mail1, mail2 and mail3 and add them to the mailgroup group
groupadd mailgroup
useradd -s /sbin/nologin -g mailgroup mail1
useradd -s /sbin/nologin -g mailgroup mail2
useradd -s /sbin/nologin -g mailgroup mail3
echo "1234" | passwd --stdin mail1
echo "1234" | passwd --stdin mail2
echo "1234" | passwd --stdin mail3
- Add aliases
vim /etc/aliases
mailgroup: mail1,mail3
mail3: mail2
postalias /etc/aliases
newaliases
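- SMTP authentication configuration
yum install -y cyrus-sasl
saslauthd -v    # show the SASL version and the password authentication mechanisms
- Set the authentication mechanism to shadow
vim /etc/sysconfig/saslauthd
MECH=shadow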
- systemctl restart saslauthd
systemctl enable saslauthd
Test SASL authentication
testsaslauthd -u mail1 -p 1234
0: OK "Success."
- vim /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
- Start the postfix service.
postfix check
systemctl restart postfix
systemctl enable postfix
ss -ntlu | grep 25
tcp LISTEN 0 100 192.168.200.101:25 *:*
- POP and IMAP service configuration
yum install -y dovecot dovecot-devel
vim /etc/dovecot/dovecot.conf
protocols = imap pop3
login_trusted_networks = 192.168.200.0/24
- vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
- vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no    # allow plaintext authentication (with ssl = no below, passwords cross the network unencrypted)
auth_mechanisms = plain login    # dovecot authentication mechanisms
- vim /etc/dovecot/conf.d/10-master.conf
# inside the service auth { } block
unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}
- vim /etc/dovecot/conf.d/10-ssl.conf
ssl = no    # SSL is not enabled
#ssl_cert = </etc/pki/dovecot/certs/dovecot.pem    # commented out
#ssl_key = </etc/pki/dovecot/private/dovecot.pem    # commented out
systemctl restart dovecot
ss -ntlu | grep -E "110|143"
tcp LISTEN 0 100 *:110 *:*
tcp LISTEN 0 100 *:143 *:*
Mail client testing
Set the mail client's DNS address to 192.168.200.100
Send test
Group-send test
Forwarding test
Sending mail with Telnet:
[d:\~]$ telnet mail.a.com 25
220 mail.int6.cn ESMTP Postfix
helo mail.a.com
250 mail.a.com
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
aaaaa
bbbbb
ccccc
ddddd
. #type "." and press Enter to end the input
250 2.0.0 Ok: queued as 919FC240B0C
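The telnet session above only exercises unauthenticated delivery. As an added example (not part of the original page), this Python check parses an EHLO reply to report how SMTP AUTH is advertised, including the legacy AUTH= line that broken_sasl_auth_clients = yes adds, and builds the AUTH PLAIN token for testing a login by hand. The sample reply is constructed to match the main.cf settings on this page, and the function names are hypothetical.

```python
import base64

# Constructed sample: the kind of EHLO reply a Postfix server configured as on
# this page would give (no TLS set up, broken_sasl_auth_clients = yes).
SAMPLE_EHLO = """\
250-mail.a.com
250-PIPELINING
250-SIZE 10485760
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250 DSN
"""

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.splitlines()[1:]:          # first line is the greeting
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        body = line[4:].strip()
        if body.upper().startswith("AUTH="):     # legacy form for old clients
            body = "AUTH " + body[5:]
        if not body:
            continue
        keyword, *params = body.split()
        seen = caps.setdefault(keyword.upper(), [])
        seen.extend(p.upper() for p in params if p.upper() not in seen)
    return caps

def audit_ehlo(reply):
    """List findings about how SMTP AUTH is offered on the cleartext session."""
    caps = parse_ehlo(reply)
    mechs = set(caps.get("AUTH", []))
    findings = []
    if not mechs:
        findings.append("AUTH not advertised: check smtpd_sasl_auth_enable")
    elif "STARTTLS" not in caps and mechs & PLAINTEXT_MECHS:
        findings.append("plaintext AUTH offered without STARTTLS: "
                        + ",".join(sorted(mechs & PLAINTEXT_MECHS)))
    if "ANONYMOUS" in mechs:
        findings.append("ANONYMOUS offered: check smtpd_sasl_security_options")
    return findings

def auth_plain_token(user, password):
    """Base64 initial response for 'AUTH PLAIN <token>' (RFC 4616)."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()
```

To test a login by hand, send ehlo instead of helo in the telnet session, then auth plain followed by the token; a 235 reply means Postfix accepted the credentials through the Dovecot socket.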
Receiving mail with Telnet
[d:\~]$ telnet mail.a.com 110
+OK [XCLIENT] Dovecot ready.
user mail1
+OK
pass 1234
+OK Logged in.
stat #show the mailbox status
list #list the messages
retr 1 #show the content of the first message