邮件管理
#######################################邮件管理
前提:配置dns服务器
desktop端作为dns服务器,ip:172.25.254.123
yum install bind -y
systemctl start named
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; }; ##注释掉后named在所有接口上监听53端口
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; }; ##注释掉后使用默认值,允许任何客户端查询(仅限实验环境)
dnssec-validation no;
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
desktop端作为dns服务器,ip:172.25.254.123
yum install bind -y
systemctl start named
vim /etc/named.conf
// listen-on port 53 { 127.0.0.1; }; ##注释掉后named在所有接口上监听53端口
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// allow-query { localhost; }; ##注释掉后使用默认值,允许任何客户端查询(仅限实验环境)
dnssec-validation no;
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
zone "qq.com" IN {
type master;
file "qq.com.zone";
allow-update { none; };
}
cp named.localhost westos.com.zone -p
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.123
westos.com. MX 1 172.25.254.123.
cp westos.com.zone qq.com.zone -p
vim qq.com.zone
$TTL 1D
@ IN SOA dns.qq.com. root.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.qq.com.
dns A 172.25.254.123
qq.com. MX 1 172.25.254.223.
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.123
systemctl stop firewalld
systemctl disable firewalld
测试:
dig -t mx westos.com
dig -t mx qq.com
server:
vim /etc/resolv.conf
nameserver 172.25.254.123
dig -t mx westos.com
dig -t mx qq.com

type master;
file "qq.com.zone";
allow-update { none; };
}
cp named.localhost westos.com.zone -p
vim westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.123
westos.com. MX 1 172.25.254.123.
cp westos.com.zone qq.com.zone -p
vim qq.com.zone
$TTL 1D
@ IN SOA dns.qq.com. root.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.qq.com.
dns A 172.25.254.123
qq.com. MX 1 172.25.254.223.
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.123
systemctl stop firewalld
systemctl disable firewalld
测试:
dig -t mx westos.com
dig -t mx qq.com
server:
vim /etc/resolv.conf
nameserver 172.25.254.123
dig -t mx westos.com
dig -t mx qq.com
**)postfix:提供smtp协议,用来投递邮件,默认端口号为25
/var/log/maillog ##服务日志
/var/log/maillog ##服务日志
mail [email protected] ##给westos.com域名的root用户发邮件
Subject:hello ##标题
hello world ##正文
. ##用“.”结束录入内容并发送
Subject:hello ##标题
hello world ##正文
. ##用“.”结束录入内容并发送
mailq ##查看邮件队列
postsuper -d queueID ##删除邮件队列里的邮件
postqueue -f ##重新处理邮件队列
netstat -antlpe | grep master ##查看25端口开启状态
默认情况下邮件端口只在回环接口(127.0.0.1)开启
postsuper -d queueID ##删除邮件队列里的邮件
postqueue -f ##重新处理邮件队列
netstat -antlpe | grep master ##查看25端口开启状态
默认情况下邮件端口只在回环接口(127.0.0.1)开启
1.配置
dns:
vim /etc/postfix/main.cf
76 myhostname = westos-mail.westos.com ##主机名
83 mydomain = westos.com ##域名
99 myorigin = $mydomain ##结尾
116 inet_interfaces = all ##开启所有接口
164 mydestination = $myhostname,$mydomain, localhost ##可用邮件地址
systemctl restart postfix ##重启服务
systemctl stop firewalld ##关闭防火墙(仅限实验环境;生产环境应保留防火墙,只放行所需的smtp端口)
server:
vim /etc/postfix/main.cf
76 myhostname = qq-mail.qq.com ##主机名
83 mydomain = qq.com ##域名
99 myorigin = $mydomain ##结尾
116 inet_interfaces = all ##开启所有接口
164 mydestination = $myhostname,$mydomain, localhost ##可用邮件地址
systemctl restart postfix
systemctl stop firewalld
测试:
desktop:
mail [email protected] ##给[email protected]发邮件
Subject:hello
hello world
.
mailq ##查看邮件队列
server:
mail ##查看邮件



dns:
vim /etc/postfix/main.cf
76 myhostname = westos-mail.westos.com ##主机名
83 mydomain = westos.com ##域名
99 myorigin = $mydomain ##结尾
116 inet_interfaces = all ##开启所有接口
164 mydestination = $myhostname,$mydomain, localhost ##可用邮件地址
systemctl restart postfix ##重启服务
systemctl stop firewalld ##关闭防火墙(仅限实验环境;生产环境应保留防火墙,只放行所需的smtp端口)
server:
vim /etc/postfix/main.cf
76 myhostname = qq-mail.qq.com ##主机名
83 mydomain = qq.com ##域名
99 myorigin = $mydomain ##结尾
116 inet_interfaces = all ##开启所有接口
164 mydestination = $myhostname,$mydomain, localhost ##可用邮件地址
systemctl restart postfix
systemctl stop firewalld
测试:
desktop:
mail [email protected] ##给[email protected]发邮件
Subject:hello
hello world
.
mailq ##查看邮件队列
server:
mail ##查看邮件
2.邮件别名
dns:
vim /etc/aliases
别名: 真名 ##邮件别名,发给别名的邮件会被真名用户收到
别名: :include:/etc/postfix/filename ##邮件群发
vim /etc/postfix/filename ##指定用户文件
user1
user2
postalias /etc/aliases ##刷新文件
测试:
mail 别名@westos.com
mail -u user1
mail -u user2




dns:
vim /etc/aliases
别名: 真名 ##邮件别名,发给别名的邮件会被真名用户收到
别名: :include:/etc/postfix/filename ##邮件群发
vim /etc/postfix/filename ##指定用户文件
user1
user2
postalias /etc/aliases ##刷新文件
测试:
mail 别名@westos.com
mail -u user1
mail -u user2
3.通过远程主机测试邮件服务
真机:
yum install telnet -y ##远程发邮件命令
telnet 172.25.254.123 25 ##登陆IP主机上的25端口
ehlo hello ##向服务器问候并声明客户端主机名(并非邮件标题)
mail from:[email protected] ##从哪发
rcpt to:[email protected] ##谁接收
data ##邮件内容
djaskjdjsa
fdsjkl
dsajlk
djsalk
. ##邮件结束并发送
server:
mail ##若成功会接受到邮件
真机:
yum install telnet -y ##远程发邮件命令
telnet 172.25.254.123 25 ##登陆IP主机上的25端口
ehlo hello ##向服务器问候并声明客户端主机名(并非邮件标题)
mail from:[email protected] ##从哪发
rcpt to:[email protected] ##谁接收
data ##邮件内容
djaskjdjsa
fdsjkl
dsajlk
djsalk
. ##邮件结束并发送
server:
mail ##若成功会接受到邮件
4.邮件客户端的访问控制
dns:
postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" ##检测/etc/postfix/access文件
vim /etc/postfix/access
172.25.254.23 REJECT ##拒绝23主机远程访问
postmap /etc/postfix/access ##由access文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix ##重启服务
测试:
[[email protected] ~]# telnet 172.25.254.123 25 ##远程链接到123主机发邮件
Trying 172.25.254.123...
Connected to 172.25.254.123.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
ehlo hello ##向服务器问候并声明客户端主机名(并非邮件标题)
250-westos-mail.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected] ##邮件来源
250 2.1.0 Ok
rcpt to:[email protected] ##邮件去处
554 5.7.1 <unknown[172.25.254.23]>: Client host rejected: Access denied ##访问被拒绝
dns:
postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" ##检测/etc/postfix/access文件
vim /etc/postfix/access
172.25.254.23 REJECT ##拒绝23主机远程访问
postmap /etc/postfix/access ##由access文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix ##重启服务
测试:
[[email protected] ~]# telnet 172.25.254.123 25 ##远程链接到123主机发邮件
Trying 172.25.254.123...
Connected to 172.25.254.123.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
ehlo hello ##向服务器问候并声明客户端主机名(并非邮件标题)
250-westos-mail.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected] ##邮件来源
250 2.1.0 Ok
rcpt to:[email protected] ##邮件去处
554 5.7.1 <unknown[172.25.254.23]>: Client host rejected: Access denied ##访问被拒绝
5.限制用户发送
若要在真机上测试要先允许23主机发送邮件
postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
vim /etc/postfix/sender
[email protected] REJECT ##拒绝student用户
postmap /etc/postfix/sender ##由sender文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix
测试:
[[email protected] ~]# telnet 172.25.254.123 25 ##远程登陆123主机发邮件
Trying 172.25.254.123...
Connected to 172.25.254.123.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Sender address rejected: Access denied ##发送被拒绝
若要在真机上测试要先允许23主机发送邮件
postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
vim /etc/postfix/sender
[email protected] REJECT ##拒绝student用户
postmap /etc/postfix/sender ##由sender文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix
测试:
[[email protected] ~]# telnet 172.25.254.123 25 ##远程登陆123主机发邮件
Trying 172.25.254.123...
Connected to 172.25.254.123.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Sender address rejected: Access denied ##发送被拒绝
6.限制用户接收
postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient"
vim /etc/postfix/recipient
[email protected] REJECT ##限制[email protected]用户接收文件
postmap /etc/postfix/recipient ##由recipient文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix
测试:
[[email protected] ~]# telnet 172.25.254.123 25
Trying 172.25.254.123...
Connected to 172.25.254.123.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied ##接收被拒绝
postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient"
vim /etc/postfix/recipient
[email protected] REJECT ##限制[email protected]用户接收文件
postmap /etc/postfix/recipient ##由recipient文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix
测试:
[[email protected] ~]# telnet 172.25.254.123 25
Trying 172.25.254.123...
Connected to 172.25.254.123.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied ##接收被拒绝
7.出站地址伪装
postconf -e "smtp_generic_maps = hash:/etc/postfix/generic"
vim /etc/postfix/generic
真实用户 虚拟名字
[email protected] [email protected] ##[email protected]伪装成[email protected]
postmap /etc/postfix/generic ##由generic文件生成.db查找表(哈希索引,并非加密)
systemctl restart postfix
测试:
su - westos
mail [email protected]
查看
[[email protected] ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 [email protected] Mon May 22 10:55 22/722 "fdsfds"
8.入站地址转换
dns解析先做好
dig -t mx sb.com ##解析sb.com域名
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
vim /etc/postfix/virtual
虚拟名字 真实用户
[email protected] [email protected]
postmap /etc/postfix/virtual
systemctl restart postfix
测试:
mail [email protected]
查看:
[[email protected] named]# mail -u westos
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/westos": 1 message
> 1 root Mon May 22 11:18 25/728 "fdsf"
dns解析先做好
dig -t mx sb.com ##解析sb.com域名
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
vim /etc/postfix/virtual
虚拟名字 真实用户
[email protected] [email protected]
postmap /etc/postfix/virtual
systemctl restart postfix
测试:
mail [email protected]
查看:
[[email protected] named]# mail -u westos
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/westos": 1 message
> 1 root Mon May 22 11:18 25/728 "fdsf"
**)dovecot:
支持的协议:
pop3 端口: 110
imap 143
pop3s 995
imaps 993
yum install dovecot -y ##安装dovecot服务
vim /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp ##启用的协议;lmtp是本地邮件传输协议(用于本地投递),并非pop3s/imaps等加密协议
48 login_trusted_networks = 0.0.0.0/0 ##把所有来源地址都视为受信任网络(受信任网络不受disable_plaintext_auth限制),仅限实验环境
49 disable_plaintext_auth = no ##允许在未加密连接上进行明文认证(密码明文传输),仅限实验环境
vim /etc/dovecot/conf.d/10-mail.conf
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u ##邮件地址
%u---------完整用户名([email protected])
%n---------user
%d---------domain
%h---------家目录
支持的协议:
pop3 端口: 110
imap 143
pop3s 995
imaps 993
yum install dovecot -y ##安装dovecot服务
vim /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp ##启用的协议;lmtp是本地邮件传输协议(用于本地投递),并非pop3s/imaps等加密协议
48 login_trusted_networks = 0.0.0.0/0 ##把所有来源地址都视为受信任网络(受信任网络不受disable_plaintext_auth限制),仅限实验环境
49 disable_plaintext_auth = no ##允许在未加密连接上进行明文认证(密码明文传输),仅限实验环境
vim /etc/dovecot/conf.d/10-mail.conf
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u ##邮件地址
%u---------完整用户名([email protected])
%n---------user
%d---------domain
%h---------家目录
systemctl restart dovecot
useradd westos
echo redhat | passwd --stdin westos
su - westos
mkdir mail/.imap/ -p
touch mail/.imap/INBOX
测试:
23主机:
mutt -f pop://[email protected] ##查看邮件
useradd westos
echo redhat | passwd --stdin westos
su - westos
mkdir mail/.imap/ -p
touch mail/.imap/INBOX
测试:
23主机:
mutt -f pop://[email protected] ##查看邮件
1.客户端工具发送邮件
俩台机子都安装dovecot
rpm -ivh thunderbird
thunderbird
进入图形界面管理邮件







俩台机子都安装dovecot
rpm -ivh thunderbird
thunderbird
进入图形界面管理邮件
**)mysql+postfix管理邮件:
yum install httpd php php-mysql mariadb-server -y
vim /etc/my.cnf
skip-networking=1 ##关闭通过网络登陆
systemctl restart mariadb
安装网页管理数据库工具
(*安全上下文问题*)
cp -p /var/www/html/myadmin/config.sample.inc.php /var/www/html/myadmin/config.inc.php
mysql_secure_installation ##数据库安全初始化
浏览器输入172.25.254.123/myadmin
进入网页管理数据库
新建email数据库,新建emailuser表
字段:username password domain mailbox
值:[email protected] lala haha.com /mnt/lala.com/lala
mysql -uroot -predhat
create user [email protected] identified by 'postuser'; ##新建用户
grant select,update,insert on email.* to [email protected]; ##用户授权(postfix只做查询,实际只需select权限)
cd /etc/postfix
vim mailuser.cf ##用户名称查询(文件内含数据库密码,应限制文件权限,避免普通用户读取)
hosts = localhost ##数据库所在主机
user = postuser ##登陆数据库的用户
password = postuser ##登陆数据库的密码
dbname = email ##postfix要查询库的名称
table = emailuser ##postfix要查询表的名称
select_field = username ##postfix要查询的字段
where_field = username ##用户给定postfix的查询条件
yum install httpd php php-mysql mariadb-server -y
vim /etc/my.cnf
skip-networking=1 ##关闭通过网络登陆
systemctl restart mariadb
安装网页管理数据库工具
(*安全上下文问题*)
cp -p /var/www/html/myadmin/config.sample.inc.php /var/www/html/myadmin/config.inc.php
mysql_secure_installation ##数据库安全初始化
浏览器输入172.25.254.123/myadmin
进入网页管理数据库
新建email数据库,新建emailuser表
字段:username password domain mailbox
值:[email protected] lala haha.com /mnt/lala.com/lala
mysql -uroot -predhat
create user [email protected] identified by 'postuser'; ##新建用户
grant select,update,insert on email.* to [email protected]; ##用户授权(postfix只做查询,实际只需select权限)
cd /etc/postfix
vim mailuser.cf ##用户名称查询(文件内含数据库密码,应限制文件权限,避免普通用户读取)
hosts = localhost ##数据库所在主机
user = postuser ##登陆数据库的用户
password = postuser ##登陆数据库的密码
dbname = email ##postfix要查询库的名称
table = emailuser ##postfix要查询表的名称
select_field = username ##postfix要查询的字段
where_field = username ##用户给定postfix的查询条件
vim maildomain.cf ##用户域名查询
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = domain
where_field = domain
vim mailbox.cf ##用户邮箱查询
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = mailbox
where_field = username
postmap -q "[email protected]" mysql:/etc/postfix/mailbox.cf ##检测邮箱配置
/lala.com/lala/
postmap -q "haha.com" mysql:/etc/postfix/maildomain.cf ##检测域名配置
haha.com
postmap -q "[email protected]" mysql:/etc/postfix/mailuser.cf ##检测用户配置
[email protected]
groupadd -g 666 vmail ##新建vmail组,指定gid=666
useradd -s /sbin/nologin -u 666 vmail -g 666 ##新建vmail用户,加入vmail组,设置非交互式登陆
postconf -e "virtual_mailbox_base = /home/vmail"##设置邮件家目录
postconf -e "virtual_uid_maps = static:666" ##指定uid
postconf -e "virtual_gid_maps = static:666" ##指定gid
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf" ##通过读取mailuser文件获取用户
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf" ##获取邮箱
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf"##获取域名
systemctl restart postfix
测试:
mail [email protected]
cd /home/vmail ##可以看到邮件
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = domain
where_field = domain
vim mailbox.cf ##用户邮箱查询
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = mailbox
where_field = username
postmap -q "[email protected]" mysql:/etc/postfix/mailbox.cf ##检测邮箱配置
/lala.com/lala/
postmap -q "haha.com" mysql:/etc/postfix/maildomain.cf ##检测域名配置
haha.com
postmap -q "[email protected]" mysql:/etc/postfix/mailuser.cf ##检测用户配置
[email protected]
groupadd -g 666 vmail ##新建vmail组,指定gid=666
useradd -s /sbin/nologin -u 666 vmail -g 666 ##新建vmail用户,加入vmail组,设置非交互式登陆
postconf -e "virtual_mailbox_base = /home/vmail"##设置邮件家目录
postconf -e "virtual_uid_maps = static:666" ##指定uid
postconf -e "virtual_gid_maps = static:666" ##指定gid
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf" ##通过读取mailuser文件获取用户
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf" ##获取邮箱
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf"##获取域名
systemctl restart postfix
测试:
mail [email protected]
cd /home/vmail ##可以看到邮件