北京Mail&DNS:192.168.101.1
上海Mail&DNS:192.168.101.100
北京处邮件服务器配置如下:
配置主机系统环境,更改主机名:
![clip_image002[7]](https://s1.51cto.com/attachment/201112/18/3413052_1324196755Kj5L.jpg "clip_image002[7]")
添加账号及相应密码:
![clip_image004[7]](https://s1.51cto.com/attachment/201112/18/3413052_1324196756CkyE.jpg "clip_image004[7]")
创建目录并挂载光盘,使用yum安装DNS服务所需软件包:
![clip_image006[7]](https://s1.51cto.com/attachment/201112/18/3413052_1324196757PFtQ.jpg "clip_image006[7]"){kind=small}
配置DNS服务器,修改其配置文件并增加所要解析的域名数据文件,操作如图:
![clip_image002[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196758OicJ.jpg "clip_image002[5]")
![clip_image004[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196761o7or.jpg "clip_image004[5]")
编辑DNS数据文件:
![clip_image006[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196762V7LG.jpg "clip_image006[5]"){kind=small}
开启服务:
解析域名,测试DNS是否正常工作:
![clip_image008[5]](https://s1.51cto.com/attachment/201112/18/3413052_13241967638pry.jpg "clip_image008[5]")
将DNS服务添加至开机启动,并在本机指定域名服务器地址:
![clip_image010[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196763pLZH.jpg "clip_image010[5]")
安装mail服务所需软件包:
![clip_image012[5]](https://s1.51cto.com/attachment/201112/18/3413052_13241967647BB7.jpg "clip_image012[5]"){kind=small}
安装加密所使用的软件包,安装mod_ssl并配置openssl.cnf:
![clip_image014[5]](https://s1.51cto.com/attachment/201112/18/3413052_13241967658hRR.jpg "clip_image014[5]")
因openssl.conf文件中所需的文件及文件夹在软件安装时未创建,需手动创建CA所需的文件夹及相关文件,操作如图67所示:
![clip_image016[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196767NaqF.jpg "clip_image016[5]")
生成私钥:
![clip_image018[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196767TjIF.jpg "clip_image018[5]"){kind=small}
创建自签发证书:
![clip_image020[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196769OtYl.jpg "clip_image020[5]")
为保证安全性,需更改私钥权限,使其仅可读,创建mail存放私钥目录并生成公钥:
![clip_image022[5]](https://s1.51cto.com/attachment/201112/18/3413052_13241967708iM2.jpg "clip_image022[5]")
填写申请证书表单:
![clip_image024[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196772OCPJ.jpg "clip_image024[5]")
提交证书申请表单并签发:
![clip_image026[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196773iQ5Q.jpg "clip_image026[5]"){kind=small}
编辑sendmail的相关配置文件,在access文件中指明中继地址及域名,在local-host-names文件中写入本机所在域名及主机名,在sendmail.mc文件中添加邮件发送加密:
![clip_image028[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196775R82F.jpg "clip_image028[5]")
为接收邮件创建钥匙、填写申请证书表单并颁发证书,编辑其配置文件:
![clip_image030[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196779iXLp.jpg "clip_image030[5]")
![clip_image032[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196782UTjC.jpg "clip_image032[5]")
安装wireshark抓包工具并开始抓包:
![clip_image034[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196783ElDY.jpg "clip_image034[5]")
重启各项服务:
![clip_image036[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196785VEmJ.jpg "clip_image036[5]")
上海处邮件服务器配置与北京处相同。
此时测试北京用户发送邮件至上海用户:
mkt@sh.com用户撰写邮件
![clip_image038[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196789UVfE.jpg "clip_image038[5]")
tec@bj.com用户接收到邮件
![clip_image040[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196796dt3n.jpg "clip_image040[5]")
此时查看抓包情况
北京处抓取的数据
![clip_image042[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196801Mkdn.jpg "clip_image042[5]")
上海处抓取的数据
![clip_image044[5]](https://s1.51cto.com/attachment/201112/18/3413052_1324196808VPgl.jpg "clip_image044[5]")
转载于:https://blog.51cto.com/none5zj/744856
575
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
