实验需求:为公司搭建一台能够收信和发信的邮件服务器(192.168.100.1),为员工提供服务,公司域名为jinjianjun.com.
一.修改DNS服务器(192.168.100.2)上mx邮件交换记录,确保客户机能解析邮件服务器地址
1.修改DNS区域文件
# vim /var/named/jinjianjun.com.zone
$TTL 3H
@ IN SOA jinjianjun.com. root.jinjianjun.com. (
2014042601; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns1.jinjianjun.com.
IN MX 10 mail.jinjianjun.com.
dns1 IN A 192.168.100.2
mail IN A 192.168.100.1
……
2.重启服务
# service named restart
3.客户机测试能否解析
# host -t mx jinjianjun.com 192.168.100.2 //查询目标域的MX记录
Using domain server:
Name: 192.168.100.2
Address: 192.168.100.2#53
Aliases:
jinjianjun.com mail is handled by 10 mail.jinjianjun.com.
# host mail.jinjianjun.com 192.168.100.2 //查看邮件服务器的解析结果
Using domain server:
Name: 192.168.100.2
Address: 192.168.100.2#53
Aliases:
mail.jinjianjun.com has address 192.168.100.1
二.搭建postfix发信服务器
1.安装软件包
# yum -y install postfix
2.修改主配置文件
[root@mail ~]# cd /etc/postfix/
# postconf -n > tmp.txt //导出非默认配置
# mv main.cf main.cf.bak
# mv tmp.txt main.cf
# vim main.cf
...
9 #inet_interfaces = localhost //监听端口
22 myhostname = mail.jinjianjun.com //邮件服务器主机名
23 mydomain = jinjianjun.com //邮件服务器所在区域
24 myorigin = $mydomain //发件人DNS后缀
25 mydestination = $mydomain //指定Postfix允许处理的邮件
26 home_mailbox = Maildir/ //邮箱类型
3、检查语法启动服务
# postfix check
# service postfix start
# chkconfig postfix on
# netstat -tulnp | grep :25 //发信使用SMTP协议
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3564/master
tcp 0 0 :::25 :::* LISTEN 3564/master
4.新建邮箱用户 //邮件用户默认为系统用户
# useradd damao
# echo 123456| passwd --stdin damao
# useradd tom
# echo 123456| passwd --stdin tom
5.测试发信功能
# telnet mail.jinjianjun.com 25
Trying 192.168.100.1...
Connected to mail.jinjianjun.com.
Escape character is '^]'.
220 mail.jinjianjun.com ESMTP Postfix
helo localhost //宣告客户端
250 mail.jinjianjun.com
mail from:damao@jinjianjun.com //邮件发件人
250 2.1.0 Ok
rcpt to:tom@jinjianjun.com //邮件收件人
250 2.1.5 Ok
data //邮件正文
354 End data with <CR><LF>.<CR><LF>
subject:Test mail //邮件主题
hello,tom //邮件内容
. //独立.表示邮件结束
250 2.0.0 Ok: queued as 9B6463FD97
quit //退出
221 2.0.0 Bye
Connection closed by foreign host.
6.验证邮件是否发送成功
# ls /home/tom/Maildir/new/
1398492202.V803Ibf420M185454.mail.jinjianjun.com
# cat /home/tom/Maildir/new/1398492202.V803Ibf420M185454.mail.jinjianjun.com
Return-Path: <damao@jinjianjun.com>
X-Original-To: tom@jinjianjun.com
Delivered-To: tom@jinjianjun.com
Received: from localhost (unknown [192.168.100.1])
by mail.jinjianjun.com (Postfix) with SMTP id 9B6463FD97
for <tom@jinjianjun.com>; Fri, 25 Apr 2014 23:00:32 -0700 (PDT)
subject:Test mail
Message-Id: <20140426060137.9B6463FD97@mail.jinjianjun.com>
Date: Fri, 25 Apr 2014 23:00:32 -0700 (PDT)
From: damao@jinjianjun.com
To: undisclosed-recipients:;
hello,tom
三.搭建dovecot收信服务器
1.安装软件包
# yum -y install dovecot
2.修改配置文件
# vim /etc/dovecot/dovecot.conf
……
20 #protocols = imap pop3 lmtp
21 protocols = imap pop3
# vim /etc/dovecot/conf.d/10-ssl.conf
……
6 #ssl = yes
7 ssl = no //禁用SSL加密
3.启动服务
# service dovecot start
# chkconfig dovecot on
# netstat -tulnp | grep dovecot
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 4377/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 4377/dovecot
tcp 0 0 :::110 :::* LISTEN 4377/dovecot
tcp 0 0 :::143 :::* LISTEN 4377/dovecot
4.测试收信服务
# telnet mail.jinjianjun.com 110
Trying 192.168.100.1...
Connected to mail.jinjianjun.com.
Escape character is '^]'.
+OK Dovecot ready.
user tom
+OK
pass 123456
+OK Logged in.
list
+OK 1 messages:
1 479
.
retr 1
+OK 479 octets
Return-Path: <damao@jinjianjun.com>
X-Original-To: tom@jinjianjun.com
Delivered-To: tom@jinjianjun.com
Received: from localhost (unknown [192.168.100.1])
by mail.jinjianjun.com (Postfix) with SMTP id 9B6463FD97
for <tom@jinjianjun.com>; Fri, 25 Apr 2014 23:00:32 -0700 (PDT)
subject:Test mail
Message-Id: <20140426060137.9B6463FD97@mail.jinjianjun.com>
Date: Fri, 25 Apr 2014 23:00:32 -0700 (PDT)
From: damao@jinjianjun.com
To: undisclosed-recipients:;
hello,tom
.
quit
+OK Logging out.
Connection closed by foreign host.
注意:telnet只是用于测试,在实际应用中基本不会用telnet来收发邮件,而是选择更加直观、简便的图形化软件(Outlook、Foxmail等),或者网页邮箱系统(网易邮箱、新浪邮箱等) 。
四.启动SMTP认证,提高邮件系统安全性,减少垃圾邮件
1.安装软件,启用服务
# rpm -q cyrus-sasl
cyrus-sasl-2.1.22-7.el5_8.1
# cat /etc/sasl2/smtpd.conf //主配置文件
pwcheck_method: saslauthd
mech_list: plain login
# service saslauthd start
# chkconfig saslauthd on
# testsaslauthd -u damao -p 123456 -s smtp //检查 saslauthd服务
0: OK "Success."
2.修改postfix主配置文件,启用认证
# vim /etc/postfix/main.cf
……
27 mynetworks = 127.0.0.1 //定义本地网络
28 smtpd_sasl_auth_enable = yes //启用SASL认证
29 smtpd_sasl_security_options = noanonymous //阻止匿名发
30 smtpd_recipient_restrictions = //设置收件人过滤
31 permit_mynetworks, //允许来自mynetworks的客户程序
32 permit_sasl_authenticated, //允许已通过sasl认证的用户
33 reject_unauth_destination //拒绝向未授权的目标邮件域发信
# service postfix restart
3.客户机测试不认证发送外域邮件
# telnet mail.jinjianjun.com 25
Trying 192.168.100.1...
Connected to mail.jinjianjun.com.
Escape character is '^]'.
220 mail.jinjianjun.com ESMTP Postfix
mail from:damao@jinjianjun.com
250 2.1.0 Ok
rcpt to:xixi@163.com
554 5.7.1 <xixi@163.com>: Relay access denied //发送外域的发信请求被拒绝
421 4.4.2 mail.jinjianjun.com Error: timeout exceeded
Connection closed by foreign host.
所以当用户未通过SMTP认证而向外域发送邮件时,其请求将被拒绝
4.客户机测试使用认证登录发送外域邮件
用户认证时,用户名、密码信息需要经过BASE64编码后才被识别,执行命令生成BASE64编码值:
# printf damao | openssl base64
ZGFtYW8=
# printf 123456 | openssl base64
MTIzNDU2
[root@client Desktop]# telnet mail.jinjianjun.com 25
Trying 192.168.100.1...
Connected to mail.jinjianjun.com.
Escape character is '^]'.
220 mail.jinjianjun.com ESMTP Postfix
auth login //执行认证登录
334 VXNlcm5hbWU6
ZGFtYW8= //输入用户名damao的BASE64编码
334 UGFzc3dvcmQ6
MTIzNDU2 //输入密码123456的BASE64编码
235 2.7.0 Authentication successful
mail from:damao@jinjianjun.com
250 2.1.0 Ok
rcpt to:xixi@163.com
250 2.1.5 Ok
data //编写邮件内容
354 End data with <CR><LF>.<CR><LF>
subect:test
test mail
.
250 2.0.0 Ok: queued as 5BFCD3FD16
quit
221 2.0.0 Bye
Connection closed by foreign host.
由此可见,用户使用认证登录后才能发送给外域邮件
http://jinjianjun.blog.51cto.com/8539251/1403389