Deploying unbound and a mail service, with a simple application
阿新 • Published: 2018-11-07
1. Introduction to the services
Unbound is a caching DNS resolver (see the Unbound official website).
It uses a built-in list of authoritative name servers for the root zone (.), the so-called root hints. On receiving a DNS query it asks the root name servers for an answer, and in almost all cases receives a delegation to a top-level domain (TLD) authoritative name server. It then asks that name server for the answer, and recurses in this way until it either finds an answer or finds that there is none (NXDOMAIN). For performance and efficiency reasons, answers are cached for a certain time (the answer's time to live, or TTL); a second query for the same name is then answered from the cache. Unbound can also perform DNSSEC validation. Legend has it that its developer was a dentist; whether that is true, I don't know.
Postfix is a mail server developed by Wietse Venema.
Postfix is Wietse Venema's attempt to provide an alternative to the most widely used mail server. In the Internet world most e-mail is delivered by sendmail: about 1 million users run sendmail, delivering over a hundred million messages a day, which is an astonishing number. Postfix tries to be faster, easier to administer and more secure, while remaining sufficiently compatible with sendmail.
Source: Baidu documentation
2. Environment
Server:
[[email protected] ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.1 (Maipo)
[[email protected] ~]# hostname
100.hzy.com
[[email protected] ~]# ip a |grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.137.100/24 brd 192.168.137.255 scope global eno16777736
inet6 fe80::20c:29ff:feac:5681/64 scope link
Client:
[[email protected] ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.1 (Maipo)
[[email protected] ~]# hostname
200.hzy.com
[[email protected] ~]# ip a |grep inet
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.137.200/24 brd 192.168.137.255 scope global eno16777736
inet6 fe80::20c:29ff:febb:c0b0/64 scope link
3. Installing and deploying the unbound service
Install
yum install -y unbound
[[email protected] ~]# rpm -ql unbound |grep etc
/etc/sysconfig/unbound
/etc/tmpfiles.d/unbound.conf
/etc/unbound/conf.d
/etc/unbound/conf.d/example.com.conf
/etc/unbound/keys.d
/etc/unbound/keys.d/example.com.key
/etc/unbound/local.d
/etc/unbound/local.d/block-example.com.conf
/etc/unbound/unbound.conf
Open unbound.conf and change its configuration as follows:
server:
    verbosity: 1
    statistics-interval: 0
    statistics-cumulative: no
    extended-statistics: yes
    num-threads: 2                        # number of worker threads
    interface: 0.0.0.0                    # listen on every local IP address
    interface-automatic: no               # do not pick interfaces automatically
    port: 53                              # answer queries on port 53
    access-control: 0.0.0.0/0 allow       # answer queries from every network
    chroot: ""                            # chroot directory (empty = none)
    username: "unbound"                   # system user, created when the package is installed
    directory: "/etc/unbound"             # directory holding the configuration files
    log-time-ascii: yes                   # human-readable timestamps in the log
    pidfile: "/var/run/unbound/unbound.pid"  # pid file of the service
    harden-glue: yes
    harden-dnssec-stripped: yes
    harden-below-nxdomain: yes
    harden-referral-path: yes
    use-caps-for-id: no
    unwanted-reply-threshold: 10000000
    prefetch: yes
    prefetch-key: yes
    rrset-roundrobin: yes
    minimal-responses: yes
    dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"
    trusted-keys-file: /etc/unbound/keys.d/*.key
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-clean-additional: yes
    val-permissive-mode: no
    val-log-level: 1
    include: /etc/unbound/local.d/*.conf  # path of the zone data files that are read
remote-control:                           # settings for unbound-control
    control-enable: yes
    server-key-file: "/etc/unbound/unbound_server.key"
    server-cert-file: "/etc/unbound/unbound_server.pem"
    control-key-file: "/etc/unbound/unbound_control.key"
    control-cert-file: "/etc/unbound/unbound_control.pem"
# Stub and Forward zones
include: /etc/unbound/conf.d/*.conf
Its zone data files are read via include: /etc/unbound/local.d/*.conf
[[email protected] ~]# cat /etc/unbound/local.d/aa.conf
local-zone: "hzy.com." static                       # define a static zone
## this line is the default DNS parameter setting and may be left out
local-data: "hzy.com. NS 100.hzy.com."              # the DNS server for this zone
local-data: "hzy.com. MX 5 100.hzy.com."            # the mail server for this zone
local-data: "mail.hzy.com. IN A 192.168.137.100"
local-data: "200.hzy.com. IN A 192.168.137.200"
local-data: "www.hzy.com. IN A 192.168.137.200"
local-data: "ftp.hzy.com. IN A 192.168.137.200"
local-data-ptr: "192.168.137.200 200.hzy.com"
local-data-ptr: "192.168.137.200 www.hzy.com"
[[email protected] ~]# firewall-cmd --add-port=53/tcp --permanent
[[email protected] ~]# firewall-cmd --reload
Test
[[email protected] ~]# nslookup mail.hzy.com
Server: 192.168.137.100
Address: 192.168.137.100#53
Name: mail.hzy.com
Address: 192.168.137.100
[[email protected] ~]# nslookup www.hzy.com
Server: 192.168.137.100
Address: 192.168.137.100#53
Name: www.hzy.com
Address: 192.168.137.200
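As an added example (not code from the post), here is a small Python parser for the local-data lines in aa.conf above: it builds a record table from a constructed copy of that file, answers the same lookups the nslookup test runs, and flags NS/MX targets that have no A record in the zone. The file above gives an A record for mail.hzy.com but none for 100.hzy.com, the name both the NS and the MX record point at, so that is what the check reports. Function and variable names are my own.

```python
import re
from collections import defaultdict

# Constructed copy of the post's /etc/unbound/local.d/aa.conf (assumption: the live file matches).
AA_CONF = '''
local-zone: "hzy.com." static
local-data: "hzy.com. NS 100.hzy.com."
local-data: "hzy.com. MX 5 100.hzy.com."
local-data: "mail.hzy.com. IN A 192.168.137.100"
local-data: "200.hzy.com. IN A 192.168.137.200"
local-data: "www.hzy.com. IN A 192.168.137.200"
local-data: "ftp.hzy.com. IN A 192.168.137.200"
local-data-ptr: "192.168.137.200 200.hzy.com"
local-data-ptr: "192.168.137.200 www.hzy.com"
'''

def fqdn(name):
    """Lower-case, fully qualified (trailing dot) name."""
    return name.lower() if name.endswith(".") else name.lower() + "."

def reverse_name(ip):
    """IPv4 address -> in-addr.arpa owner name, as unbound derives it for local-data-ptr."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def parse_local_data(text):
    """Return {(owner, rrtype): [rdata, ...]} from local-data / local-data-ptr lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        m = re.match(r'\s*local-data(-ptr)?:\s*"([^"]*)"', line)
        if not m:
            continue                          # local-zone, comments, blank lines
        toks = m.group(2).split()
        if m.group(1):                        # local-data-ptr: "<ip> <name>"
            records[(reverse_name(toks[0]), "PTR")].append(fqdn(toks[1]))
            continue
        owner, rest = fqdn(toks[0]), toks[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                   # optional TTL and/or class
        records[(owner, rest[0].upper())].append(" ".join(rest[1:]))
    return records

def lookup(records, name, rrtype):
    """Answer a query from the parsed zone; [] means no such data."""
    return records.get((fqdn(name), rrtype.upper()), [])

def dangling_targets(records):
    """NS/MX targets with no A record in the zone: this static zone answers NXDOMAIN for them."""
    targets = {fqdn(r.split()[-1]) for (_, t), rdatas in records.items()
               if t in ("NS", "MX") for r in rdatas}
    return sorted(t for t in targets if not lookup(records, t, "A"))
```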
4. Configuring the Postfix service and testing mail retrieval with Dovecot
Install
[[email protected] ~]# yum install -y dovecot postfix
## on Red Hat systems Postfix is installed by default
Edit /etc/postfix/main.cf
[[email protected] ~]# grep -v "#" /etc/postfix/main.cf |grep -v "^$"
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = 100.hzy.com
mydomain = hzy.com
myorigin = hzy.com
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 0.0.0.0/0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP $mail_name
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
message_size_limit = 10485760
mailbox_size_limit = 1073741824
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
| Parameter | Purpose |
|---|---|
| myhostname | Hostname of the mail system |
| mydomain | Domain name of the mail system |
| myorigin | Domain name used for mail sent from this host |
| inet_interfaces | Network interfaces to listen on |
| mydestination | Hostnames or domains for which mail is accepted |
| mynetworks | Hosts whose mail may be relayed |
| relay_domains | Domains whose mail may be relayed |
The specific parameter settings follow [Building a Postfix mail server on CentOS 7](https://www.cnblogs.com/operationhome/p/9056870.html).
Edit /etc/dovecot/dovecot.conf
Change the listen address to *
[[email protected] ~]# grep -v '#' /etc/dovecot/dovecot.conf |grep -v "^$"
listen = *
dict {
}
!include conf.d/*.conf
!include_try local.conf
Edit /etc/dovecot/conf.d/10-auth.conf
[[email protected] ~]# grep -v '#' /etc/dovecot/conf.d/10-auth.conf |grep -v "^$"
disable_plaintext_auth = no   ## allow plaintext authentication
auth_mechanisms = plain login
!include auth-system.conf.ext
Edit /etc/dovecot/conf.d/10-mail.conf
Find and change mail_location = maildir:~/Maildir
Edit /etc/dovecot/conf.d/10-master.conf
  # unix_listener auth-userdb {
  #  mode = 0666
  #  user =
  #  group =
  # }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
Edit /etc/dovecot/conf.d/10-ssl.conf
Because SSL encryption has not been set up, change the ssl value to ssl = no
[[email protected] ~]# systemctl enable dovecot
ln -s '/usr/lib/systemd/system/dovecot.service' '/etc/systemd/system/multi-user.target.wants/dovecot.service'
[[email protected] ~]# systemctl start dovecot.service
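As an added check, not code from the post: three of the settings above open the services to every source, access-control: 0.0.0.0/0 allow in unbound.conf, mynetworks = 0.0.0.0/0 in main.cf, and ssl = no together with disable_plaintext_auth = no in Dovecot; they are convenient on an isolated lab network, but on a host reachable from outside they mean an open resolver, an open relay and cleartext logins. The Python audit below parses constructed copies of those excerpts (assumed to match the live files) and reports each one; function names are my own.

```python
import re

# Constructed excerpts of the settings this post shows (assumption: live files hold the same values).
POSTFIX_MAIN_CF = """
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
"""
DOVECOT_CONF = """
disable_plaintext_auth = no
auth_mechanisms = plain login
ssl = no
"""
UNBOUND_CONF = """
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
"""
ALL_HOSTS = ("0.0.0.0/0", "::/0")

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, dropping comments; a later key overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if sep in line:
            key, value = line.split(sep, 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_postfix(main_cf):
    """mynetworks covering every client turns permit_mynetworks (in smtpd_recipient_restrictions
    above, and in Postfix 2.10's default smtpd_relay_restrictions) into an open relay."""
    kv = parse_kv(main_cf, "=")
    nets = re.split(r"[\s,]+", kv.get("mynetworks", "").strip())
    if any(net in ALL_HOSTS for net in nets):
        return ["open relay: mynetworks = " + kv["mynetworks"]]
    return []

def audit_dovecot(conf):
    """With ssl off and plaintext auth allowed, IMAP/POP3 and SMTP AUTH passwords cross the network in clear."""
    kv = parse_kv(conf, "=")
    if kv.get("ssl") == "no" and kv.get("disable_plaintext_auth") == "no":
        return ["plaintext credentials: ssl = no with disable_plaintext_auth = no"]
    return []

def audit_unbound(conf):
    """Recursion allowed for every source makes this an open resolver."""
    acls = re.findall(r"^\s*access-control:\s*(\S+)\s+(\S+)", conf, re.M)
    return ["open resolver: access-control %s %s" % (net, action)
            for net, action in acls if net in ALL_HOSTS and action.startswith("allow")]
```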
5. Testing with Foxmail
Use system users; it is recommended to use users that cannot log in to the system.
[[email protected] ~]# id bob
uid=1001(bob) gid=1001(bob) 組=1001(bob)
[[email protected] ~]# id goudan
uid=1002(goudan) gid=1002(goudan) 組=1002(goudan)