邮件传递原理
发送邮件时:
用户通过MUA将邮件投递到MTA
MTA首先将邮件传给MDA
MDA会根据邮件收件人的不同采取不同的方式处理
收信人和发信人来自同一域:MDA将邮件存放到对应邮件存放地点
收信人和发信人来自不同域:MDA将邮件还给MTA
MTA通过DNS查询到收件人MTA的IP地址
将邮件投递到收件人MTA
收件人所在区域MTA将邮件投递到MDA
MDA将邮件存放到对应邮件存放地点
接受邮件时:
用户通过MUA连接MRA
MRA在邮件存放地点将邮件收取,并传递回MUA
MUA:邮件用户代理,客户端收发邮件的软件
MTA:邮件传输代理,服务器上的部署邮件服务器的软件
MDA:邮件投递代理,在邮件服务器上将邮件存放到相应的位置
MRA:邮件收取代理,为MUA读取邮件提供标准接口,主要使用POP3和IMAP协议
邮件相关协议
SMTP:简单邮件传输协议TCP25
POP3:邮局协议版本3TCP110
POPs:提供加密的POP3TCP995
IMAP:交互邮件访问协议TCP143
IMAPs:提供加密的IMAPTCP993
搭建邮件服务首先进行相应的DNS设置
[root@server1 named]# vim/var/named/chroot/var/named/tarena.com.zone $TTL 86400 @ IN SOA example.com. root.example.com. ( 2014030601 ; Serial 28800 ; Refresh 14400 ; Retry 3600000 ; Expire 86400) ; Minimum IN NS dns1.example.com. IN MX 5 mail.example.com. 添加MX记录 dns1 IN A 192.168.10.254 ;www IN A 192.168.10.1 mail IN A 192.168.10.1 添加A记录 [root@server1 named]# service named restart
检查MX记录
[root@localhost ~]# host -t example.com example.com mail is handled by 5mail.example.com.
检查地址解析
[root@localhost ~]# host mail.example.com mail.tarena.com has address 192.168.10.1
搭建发信服务,由于postfix发信服务端口号为25,sendmail服务使用的端口号也为25,所以要先把sendmail服务停止。
[root@localhost ~]# service sendmail stop [root@localhost ~]# chkconfig sendmail off
安装postfix服务软件包
[root@localhost ~]# yum install postfix –y [root@localhost ~]# chkconfig --add postfix [root@localhost ~]# chkconfig --listpostfix postfix 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 postconf命令 –n选项查看非默认配置,-d查看默认配置。将非默认配置过滤出来放到main.cf文件中。 [root@localhost postfix]# postconf -n >ls.txt [root@localhost postfix]# mv main.cf main.cf.bak [root@localhost postfix]# mv ls.txt main.cf 编辑postfix主配置文件main.cf。 [root@localhost postfix]# vim/etc/postfix/main.cf alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 html_directory = no #inet_interfaces = localhost 将此项设置注释掉,若存在此项设置,进程监听的为本地回环的端口25,注释掉之后监听any的25端口。也只可以指定监听主机地址。 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination =$myhostname,$mydomain 能够本地投递的收件域 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory =/usr/share/doc/postfix-2.3.3/README_FILES sample_directory =/usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop unknown_local_recipient_reject_code = 550 myhostname = mail.example.com 服务器主机名 mydomain = example.com 主邮件域 myorigin = $mydomain 外发邮件的发件域地址 home_mailbox = Maildir/ 邮箱位置及类型。Mailbox每个用户一个邮件文件,Maildir每个用户一个邮件目录。
查看端口25的服务状态
[root@localhost postfix]# netstat -autn |grep :25 tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN [root@localhost postfix]# service postfix restart
新建两个普通用户并设置密码,设置为不需要登录。
[root@localhost postfix]# useradd -s /sbin/nologin jacky [root@localhost postfix]# useradd -s /sbin/nologin hunter
发送邮件
[root@localhost postfix]# telnet mail.example.com 25 Trying 192.168.10.1... Connected to mail.example.com (192.168.10.1). Escape character is '^]'. 220 mail.example.com ESMTP Postfix MAIL FROM:jacky@example.com 发件人 250 2.1.0 Ok RCPT TO:hunter@example.com 收件人 250 2.1.5 Ok DATA 发送邮件的内容 354 End data with<CR><LF>.<CR><LF> SUBJECT:TEST 发送邮件的主题 jslaknmgam;lfsad. . 250 2.0.0 Ok: queued as 6D8CF3152DC Quit 退出 221 2.0.0 Bye Connection closed by foreign host. 在收件人家目录的Maildir目录中能够查看到刚发送的文件。New为未查看的新邮件,cur存放查看过的文件。 [root@localhost~]# ls /home/hunter/Maildir/ cur new tmp
安装dovecot收信服务。
[root@localhost ~]# yum install dovecot -y [root@localhost ~]# service dovecot restart [root@localhost ~]# chkconfig dovecot on
编辑dovecot服务的主配置文件。一般不需要对其进行配置。
[root@localhost ~]# vim /etc/dovecot.conf [root@localhost ~]# telnet mail.example.com 110 Trying 192.168.10.1... Connected to mail.example.com (192.168.10.1). Escape character is '^]'. +OK Dovecot ready. user hunter 输入用户名 +OK pass 123 输入密码 +OK Logged in. List 查看邮件列表 +OK 1 messages: 1 445 . retr 1 查看指定邮件内容 +OK 445 octets Return-Path: <jacky@example.com> X-Original-To: hunter@example.com Delivered-To: hunter@example.com Received: from unknown (unknown[192.168.10.1]) by mail.tarena.com (Postfix) with SMTP id BC2123152DC for <hunter@tarena.com>; Mon, 10 Mar 2014 11:23:30 +0800 (CST) Message-Id:<20140310032359.BC2123152DC@mail.example.com> Date: Mon, 10 Mar 2014 11:23:30 +0800 (CST) From: jacky@example.com To: undisclosed-recipients:; mklsml;sma;mg. quit 退出 +OK Logging out. Connection closed by foreign host. .
SMTP认证控制。
需要安装cyrus-sasl软件包
[root@localhost ~]# rpm -q cyrus-sasl cyrus-sasl-2.1.22-7.el5_8.1
编辑主配置文件。主配置文件不存在,需新建,模板可参考/usr/lib64/sasl2/smtpd.conf
[root@localhost ~]# vim /etc/sasl2/smtpd.conf r:/usr/lib64/sasl2/smtpd.conf pwcheck_method: saslauthd [root@localhost ~]# service saslauthd restart [root@localhost ~]# chkconfig saslauthd on
检查saslauthd服务
[root@localhost ~]# testsaslauthd -u hunter -p 123 -s smtp 0: OK "Success."
编辑postfix主配置文件
[root@localhost ~]# vim /etc/postfix/main.cf mynetworks = 127.0.0.1 设置本地网络 smtpd_sasl_auth_enable = yes 启用sasl认证 smtpd_sasl_security_options = noanonymous 阻止匿名发信 smtpd_recipient_restrictions = 设置收件人过滤(如果设置项过长,回车换行后另起一行以空格开头则可以表示此行与上一行连接) permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination 拒绝向未授权的目标域发信 [root@localhost ~]# service postfix restart
获得base64编码的认证字串。(用户名密码都需要)
[root@localhost ~]# printf "hunter" |openssl base64 aHVudGVy [root@localhost ~]# printf "123"|openssl base64 MTIz
此时发信则需要用户名密码登陆验证后才允许发信
[root@localhost ~]# telnet mail.example.com 25 Trying 192.168.10.1... Connected to mail.example.com (192.168.10.1). Escape character is '^]'. 220 mail.example.com ESMTP Postfix auth login 登陆命令 334 VXNlcm5hbWU6 aHVudGVy 填写用户名的base64编码的认证字串 334 UGFzc3dvcmQ6 MTIz 密码的base64编码的认证字串 235 2.0.0 Authentication successful mail from:hunter@example.com 发件人 250 2.1.0 Ok rcpt to:jacky@sina.com 收件人 250 2.1.5 Ok data 邮件内容 354 End data with<CR><LF>.<CR><LF> 219u03213213. . 250 2.0.0 Ok: queued as 35E18315309 Quit 退出 221 2.0.0 Bye Connection closed by foreign host.
邮件的过滤
根据客户端地址过滤
[root@localhost ~]# vim /etc/postfix/access 192.168.10 REJECT 192.168.10.49 OK
建立access.db访问策略库
[root@localhost ~]# postmap /etc/postfix/access
在main.cf主配置文件中添加以下内容
[root@localhost ~]# vim /etc/postfix/main.cf smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
重新加载postfix服务
[root@localhost ~]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
根据发件人过滤
[root@localhost ~]# vim /etc/postfix/sender_access hunter@tarena.com REJECT [root@localhost ~]# postmap /etc/postfix/sender_access [root@localhost ~]# vim /etc/postfix/main.cf smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access hash:/etc/postfix/sender_access [root@localhost ~]# postfix reload postfix/postfix-script: refreshing the Postfix mail system [root@localhost ~]# vim /etc/postfix/recipient_access hunter@tarena.com REJECT [root@localhost ~]# postmap /etc/postfix/recipient_access [root@localhost ~]# vim /etc/postfix/main.cf smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain check_recipient_access hash:/etc/postfix/recipient_access [root@localhost ~]# postfix reload postfix/postfix-script: refreshing the Postfix mail system
搭建webmail邮件系统
安装squirrelmail软件包
[root@localhost ~]# yum -y install squirrelmail [root@localhost ~]# rpm -q squirrelmail squirrelmail-1.4.8-21.el5 [root@localhost ~]# grep "^Include" /etc/httpd/conf/httpd.conf Include conf.d/*.conf [root@localhost ~]# service httpd restart [root@localhost ~]# tail -1 /etc/httpd/conf.d/squirrelmail.conf Alias /webmail /usr/share/squirrelmail 访问地址设置别名,可以更改。 [root@localhost ~]# vim /etc/squirrelmail/config.php $squirrelmail_default_language ='zh_CN'; 语言改为中文 $domain = 'example.com'; 服务器域名 $imapServerAddress = '192.168.10.1'; 发件服务器 $imapPort = 143; 接收端口号 $useSendmail = true; $smtpServerAddress = '192.168.10.1'; 发件服务器 $smtpPort = 25; 发送端口号 $sendmail_path = '/usr/sbin/sendmail'; [root@localhost ~]# service httpd restart
转载于:https://blog.51cto.com/8588192/1372043
1779
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
