Setting up an authenticating mail server on Linux (CentOS 6): sending and receiving mail
December 26, 2013
Setting up a mail server on CentOS 6 is no longer difficult, but building a secure and stable mail server may not be so simple. Today we will walk through mail server setup on CentOS. To keep the rather involved configuration manageable, the setup is split into three steps, and mail can already be sent and received after each step.
Sending (SMTP) software: Postfix
Receiving (POP3, IMAP) software: Dovecot
Step 1: set up plain Postfix and Dovecot servers and get mail sending and receiving working.
Setting up a (postfix+dovecot+ssl) mail server on CentOS 6, part one of three: sending and receiving mail
1. Configure Postfix
On CentOS 6, Postfix is installed by default and starts at boot. We only need to configure /etc/postfix/main.cf.
[root@srv ~]# vi /etc/postfix/main.cf  ← edit the Postfix configuration file

# INTERNET HOST AND DOMAIN NAMES
#
# The myhostname parameter specifies the internet hostname of this
# mail system. The default is to use the fully-qualified domain name
# from gethostname(). $myhostname is used as a default value for many
# other configuration parameters.
#
#myhostname = host.domain.tld
#myhostname = virtual.domain.tld
myhostname = srv.dragreen.com  ← add the server's FQDN

# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = dragreen.com  ← add the domain name

# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
#myorigin = $mydomain
myorigin = $mydomain  ← add the domain used for internal tests; e.g. when sending out as user sai via "telnet localhost smtp", the sender automatically becomes sai@dragreen.com

# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
inet_interfaces = localhost
↓
inet_interfaces = all  ← allow mail from outside to be received

# The mydestination parameter specifies the list of domains that this
# machine considers itself the final destination for.
#
# These domains are routed to the delivery agent specified with the
# local_transport parameter setting. By default, that is the UNIX
# compatible delivery agent that lookups all recipients in /etc/passwd
# and /etc/aliases or their equivalent.
#
# The default is $myhostname + localhost.$mydomain. On a mail domain
# gateway, you should also include $mydomain.
#
# Do not specify the names of virtual domains - those domains are
# specified elsewhere (see VIRTUAL_README).
#
# Do not specify the names of domains that this machine is backup MX
# host for. Specify those names via the relay_domains settings for
# the SMTP server, or use permit_mx_backup if you are lazy (see
# STANDARD_CONFIGURATION_README).
#
# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
mydestination = $myhostname, localhost.$mydomain, localhost
↓
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain  ← mail addressed to our own domain is accepted as well
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#       mail.$mydomain, www.$mydomain, ftp.$mydomain

# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user. Specify
# "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/
home_mailbox = Maildir/  ← set the mailbox format to Maildir

# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server's greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown  ← hide the mail server software name in the greeting

message_size_limit = 10485760  ← append at the end; limits message size to 10 MB
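The settings above are easy to get subtly wrong (dropping $mydomain from mydestination, leaving $mail_version in the banner, losing the trailing slash of Maildir/). The following Python checker is an addition to this article, not part of Postfix or the original post; it parses main.cf syntax (comments, $name references, whitespace-continued lines) and reports deviations from the step 1 settings. The sample configuration inside it is constructed from the values shown above.

```python
import re

# Constructed sample of the main.cf settings from this post (not the author's
# actual file); it includes a comment line and a continuation line.
SAMPLE_MAIN_CF = """\
# INTERNET HOST AND DOMAIN NAMES
myhostname = srv.dragreen.com
mydomain = dragreen.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost,
    $mydomain
home_mailbox = Maildir/
smtpd_banner = $myhostname ESMTP unknown
message_size_limit = 10485760
"""

def parse_main_cf(text):
    """Parse main.cf syntax: 'key = value', '#' comments, continuation lines."""
    params, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and key is not None:  # continuation of previous value
            params[key] += " " + raw.strip()
            continue
        key, _, value = raw.partition("=")
        key = key.strip()
        params[key] = value.strip()       # a repeated key overrides, as in Postfix
    return params

def expand(params, value, depth=0):
    """Resolve $name / ${name} references recursively, as Postfix does."""
    if depth > 10:
        raise ValueError("parameter reference loop")
    sub = lambda m: expand(params, params.get(m.group(1), ""), depth + 1)
    return re.sub(r"\$\{?(\w+)\}?", sub, value)

def review_main_cf(text):
    """Return deviations from this post's step 1 settings (empty list = OK)."""
    p, findings = parse_main_cf(text), []
    dest = {d.strip() for d in expand(p, p.get("mydestination", "")).split(",")}
    if p.get("mydomain", "") not in dest:
        findings.append("mydestination lacks $mydomain: mail for the domain is not accepted locally")
    if p.get("home_mailbox") != "Maildir/":
        findings.append("home_mailbox is not 'Maildir/': Dovecot's mail_location will not match")
    banner = p.get("smtpd_banner", "$myhostname ESMTP $mail_name")
    if "$mail_version" in banner or not expand(p, banner).startswith(p.get("myhostname", "")):
        findings.append("smtpd_banner leaks the version or does not start with $myhostname")
    return findings
```

Run `review_main_cf(open("/etc/postfix/main.cf").read())` on a real host to review the live file; an empty list means the three settings match this step.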
2. Install and configure Dovecot
Installation
[root@srv ~]# yum install -y dovecot
Configure 10-mail.conf
[root@centos ~]# vi /etc/dovecot/conf.d/10-mail.conf  ← 10-mail.conf configuration

# Location for users' mailboxes. The default is empty, which means that Dovecot
# tries to find the mailboxes automatically. This won't work if the user
# doesn't yet have any mail, so you should explicitly tell Dovecot the full
# location.
#
# If you're using mbox, giving a path to the INBOX file (eg. /var/mail/%u)
# isn't enough. You'll also need to tell Dovecot where the other mailboxes are
# kept. This is called the "root mail directory", and it must be the first
# path given in the mail_location setting.
#
# There are a few special variables you can use, eg.:
#
#   %u - username
#   %n - user part in user@domain, same as %u if there's no domain
#   %d - domain part in user@domain, empty if there's no domain
#   %h - home directory
#
# See doc/wiki/Variables.txt for full list. Some examples:
#
#   mail_location = maildir:~/Maildir
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u
#   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
#
#
#
#mail_location =
mail_location = maildir:~/Maildir  ← set the mailbox format to Maildir

# ':' separated list of directories under which chrooting is allowed for mail
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
# This setting doesn't affect login_chroot, mail_chroot or auth chroot
# settings. If this setting is empty, "/./" in home dirs are ignored.
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
Configure 10-auth.conf
[root@centos ~]# vi /etc/dovecot/conf.d/10-auth.conf  ← 10-auth.conf configuration

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
disable_plaintext_auth = no  ← allow plaintext authentication
3. Create the Maildir folder automatically when adding users
[root@srv ~]# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
[root@srv ~]# chmod -R 700 /etc/skel/Maildir/
[root@srv ~]#
4. Add a mail user who cannot log in to the system
[root@srv ~]# useradd -s /sbin/nologin sai
[root@srv ~]# passwd sai
5. Configure the firewall to open ports 25 and 110
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20022 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 11211 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
It is enough that ports 25 and 110 appear in the list above.
After the change, restart the firewall.
[root@srv ~]# /etc/rc.d/init.d/iptables restart
6. Sending and receiving test
[root@srv ~]# telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 srv.dragreen.com ESMTP unknown
ehlo localhost
250-srv.dragreen.com
250-PIPELINING
250-SIZE 10485760
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:sai
250 2.1.0 Ok
rcpt to:k.dragreen@gmail.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From sai@dragreen.com
Subject:test mail by dragreen

Hello Sai
this is a test mail by Sai
.
250 2.0.0 Ok: queued as D8AEE100666
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@srv ~]#
Check the Gmail mailbox to confirm that the message we just sent has arrived.
OK, the mail was received.
Now reply from Gmail and see whether our server receives the reply.
[root@srv ~]# ls /home/sai/Maildir/new/
1385709224.Vfd02I2300010M95868.srv.dragreen.com
A new message has arrived in our mailbox; let's check whether it is the reply.
[root@srv ~]# telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user sai
+OK
pass 1111111
+OK Logged in.
list
+OK 3 messages:
1 4621
2 4600
3 2579
.
retr 3
+OK 2579 octets
Return-Path: <k.dragreen@gmail.com>
X-Original-To: sai@dragreen.com
Delivered-To: sai@dragreen.com
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44])
        by srv.dragreen.com (Postfix) with ESMTPS id AC044100666
        for <sai@dragreen.com>; Fri, 29 Nov 2013 16:13:43 +0900 (JST)
Received: by mail-vb0-f44.google.com with SMTP id w20so6533151vbb.31
        for <sai@dragreen.com>; Thu, 28 Nov 2013 23:13:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=5BM5T8oR1M5C1OV7WCY1bpJjBwPlppbAyOtoDNH5xss=;
        b=mFAhbkDv5y5Q45KOqybKbpl/s3Ou0X3s+59aZmNVG1866xTdFm6Zd9ras65Spv7kpR
         5et7BWIh8z4wcD91/E+J+8EHup+erHoevl0euBB1WjfcDAUaqXqwTdXlxX06lsPU0q7z
         D0ReSeQjhv0F9UAxJLDKae5pxRn08jwE7DDnXUHFySN6rsoWqqBcd5rLNG9bmSU+nQf8
         iISZluRVufID1mrMgnstcXGK98zU6gh0jkcIB3fegOYNaiyRBI0V4ORHXrPGXeaEKpKl
         dj8mP7xlKP6loO77MUBnkZr7rGSBsTVcekqvtE/VXmM5QWnFT1tWvTnemsDYZS6LosUy
         /kBQ==
MIME-Version: 1.0
X-Received: by 10.58.255.233 with SMTP id at9mr21370614ved.20.1385709225372;
        Thu, 28 Nov 2013 23:13:45 -0800 (PST)
Received: by 10.220.75.207 with HTTP; Thu, 28 Nov 2013 23:13:45 -0800 (PST)
In-Reply-To: <20131129065903.D8AEE100666@srv.dragreen.com>
References: <20131129065903.D8AEE100666@srv.dragreen.com>
Date: Fri, 29 Nov 2013 16:13:45 +0900
Message-ID: <CAC4rMpYmXAoArqVHVJOfXpHsiiXGW9GYpzc2aOODv_Oxz-08wg@mail.gmail.com>
Subject: Re: test mail by dragreen
From: kaiei sai <k.dragreen@gmail.com>
To: sai@dragreen.com
Content-Type: multipart/alternative; boundary=047d7bf15fc823fe3f04ec4b9266

--047d7bf15fc823fe3f04ec4b9266
Content-Type: text/plain; charset=ISO-8859-1

Dear Dragreen,

thank you for your mail.

2013/11/29 <sai@dragreen.com>

> Hello Sai
> this is a test mail by Sai
>

--047d7bf15fc823fe3f04ec4b9266
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Dear Dragreen,<div><br></div><div>thank you for your mail.=
</div></div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">2=
013/11/29 <span dir=3D"ltr"><<a href=3D"mailto:sai@dragreen.com" target=
=3D"_blank">sai@dragreen.com</a>></span><br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Hello Sai<br>
this is a test mail by Sai<br>
</blockquote></div><br></div>

--047d7bf15fc823fe3f04ec4b9266--
.
OK, this is indeed the reply we just sent from Gmail. Success!
Thanks for reading!!!