一、Postfix安装及配置
1.提示已经安装并且是最新版
yum -y install postfix
2. 检查默认的MTA
[root@mail ~]# /usr/sbin/alternatives --display mta
/usr/sbin/alternatives --display mta
......
Current `best' version is /usr/sbin/sendmail.postfix.
最后一行说明默认的MTA已经是postfix,在老版本中可能为sendmail.sendmail,这时就要手工更改下,方法为:
[root@mail ~]# /usr/sbin/alternatives --set mta /usr/sbin/sendmail.postfix
/usr/sbin/alternatives --set mta /usr/sbin/sendmail.postfix
3. Postfix配置文件主要是两个master.cf和main.cf,这里我们只需要配置main.cf
vi /etc/postfix/main.cf,在文件main.cf找到以下的几行并按照下面的更改好。
myhostname = hk-inv.com
mydomain = hk-inv.com
myorigin = $myhostname
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, www.hk-inv.com, hk-inv.com, mail.hk-inv.com
mynetworks_style = host
relay_domains = $mydestination
//#relayhost = [an.ip.add.ress]后添加
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_destination,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client cblless.anti-spam.org.cn,
reject_rbl_client sbl-xbl.spamhaus.org,
check_policy_service unix:/var/spool/postfix/postgrey/socket
home_mailbox = Maildir/
//#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)后添加
smtpd_banner = hk-inv.com ESMTP Server
//最后添加
mtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated
message_size_limit = 15728640
完成后,使用/usr/sbin/postconf -n来检查配置是否正确。
4. 安装 cyrus-sasl 软件包
使用/etc/shadow文件验证
vi /etc/sysconfig/saslauthd
MECH=shadow
FLAGS=
vi /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
5.启动saslauthd
chkconfig saslauthd on
service saslauthd start
chgrp postfix /etc/sasldb2
chmod 640 /etc/sasldb2
6. 开放相关端口
[root@mail ~]# vi /etc/sysconfig/iptables
-A INPUT -p tcp -m multiport --dports 25,80,110,143 -j ACCEPT
[root@mail ~]# service iptables restart
7. 重启postfix
chkconfig postfix on
service postfix restart
[root@mail ~]# chkconfig postfix on
[root@mail ~]# service postfix restart
8. 检查配置是否正确
postfix 提供了check命令,可以检查当前postfix 的配置是否有问题、文件和目录权限是否正确。
[root@mail ~]# postfix check
没有消息就是好消息。
9. Telnet登录验证
这里是用虚拟用户即/etc/sasldb帐号,先取得用户名和密码的BASE64编码:
printf "colin@hk-inv.com" | base64
Y29saW5AaGstaW52LmNvbQ==
printf "colin123456" | base64
Y29saW4xMjM0NTY=
[root@mail ~]# printf "liuyuhui@kingmed.com" | openssl base64
bGl1eXVodWlAa2luZ21lZC5jb20=
[root@mail ~]# printf "liuyuhui" | openssl base64
bGl1eXVodWk=
[root@mail ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.kingmed.com ESMTP Postfix
ehlo localhost
250-mail.kingmed.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH DIGEST-MD5 GSSAPI PLAIN CRAM-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth login
334 VXNlcm5hbWU6
bGl1eXVodWlAa2luZ21lZC5jb20= #liuyuhui@kingmed.com的BASE64编码
334 UGFzc3dvcmQ6
bGl1eXVodWk= #密码liuyuhui的BASE64编码
235 2.7.0 Authentication successful
mail from:liuyuhui@kingmed.com
250 2.1.0 Ok
rcpt to:jiangtao@kingmed.com
250 2.1.5 Ok
data
354 End data with . #回车后以点号(.)结束
hello,how are you?
.
250 2.0.0 Ok: queued as 934C83622
quit
221 2.0.0 Bye
Connection closed by foreign host.
来看下jiangtao用户家目录下是否有此邮件(注意queued as 934C83622):
[root@mail ~]# cat /home/jiangtao/Maildir/new/1375283408.Vfd00I3696M538506.mail.kingmed.com
Return-Path:
X-Original-To: jiangtao@kingmed.com
Delivered-To: jiangtao@kingmed.com
Received: from localhost (localhost [127.0.0.1])
(Authenticated sender: liuyuhui@kingmed.com)
by mail.kingmed.com (Postfix) with ESMTPA id 934C83622
for ; Wed, 31 Jul 2013 23:09:20 +0800 (CST)
Message-Id: <20130731150940.934C83622@mail.kingmed.com>
Date: Wed, 31 Jul 2013 23:09:20 +0800 (CST)
From: liuyuhui@kingmed.com
To: undisclosed-recipients:;
hello,how are you?
二、POP/ IMAP设置
为了让用户能在本地机器下载邮件,必须在服务器安装设置POP或IMAP。Dovecot是适用CentOS Linux邮件系统有名的imap/pop服务器之一,它支持maildir和mbox格式。
1. 安装
yum -y install dovecot
vi /etc/dovecot/dovecot.conf
protocols = imap pop3
listen = *
vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
vi /etc/dovecot/conf.d/10-master.conf
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Its default
# permissions make it readable only by root, but you may need to relax these
# permissions. Users that have access to this socket are able to get a list
# of all usernames and get results of everyone's userdb lookups.
unix_listener auth-userdb {
#mode = 0600
#user =
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
# Auth process is run as this user.
#user = $default_internal_user
}
vi /etc/dovecot/conf.d/10-ssl.conf
ssl = no
vi /etc/dovecot/conf.d/20-pop3.conf
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
配置完后使用dovecot -n查看所有配置。
启动dovecot:
chkconfig dovecot on
service dovecot start
现在你可以使用邮件客户端代理软件和系统用户及密码来连接我们的Dovecot服务器了。
三、用户管理
//添加用户bash
#!/bin/bash
name=$1;
password=$2;
useradd $name -d /data/home/$name
echo $name:$password | chpasswd
echo $password | saslpasswd2 -c $name -u hk-inv.com -p
//更改权限 linux 命令
chgrp postfix /etc/sasldb2
chmod 640 /etc/sasldb2
//更改密码bash
#!/bin/bash
name=$1;
password=$2;
echo $name:$password | chpasswd
saslpasswd2 -d $name@hk-inv.com
echo $password | saslpasswd2 -c $name -u hk-inv.com -p
四.邮件别名设置
#编辑配置文件,service@xxx.com转发至kf@xxx.com和kf2@xxx.com(限本地邮箱)
vi /etc/postfix/main.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
vi /etc/aliases
service: kf,kf2
postalias /etc/aliases
postfix reload
五、密送邮件到指定邮箱
#本地邮箱和Internet邮箱都可以支持转发
vi /etc/postfix/main.cf
//#alias_maps = netinfo:/aliases后添加
#virtual_alias_domains = hk-inv.com
#virtual_alias_maps = hash:/etc/postfix/virtual
vi /etc/postfix/virtual
service kf,xxxx@qq.com,xxxx@gmail.com
postmap /etc/postfix/virtual
postfix reload
六、ISP封锁25端口处理(25和2525端口都可以使用)
vi /etc/postfix/master.cf
//smtp inet n - n --smtpd下增加一行
smtp2 inet n - n --smtpd
vi /etc/services
//smtp 25/tcp mail
//smtp 25/udp mail下增加
smtp2 2525/tcp mail
smtp2 2525/udp mail
重启
service postfix restart