1.关于SMTP的基本配置:
##**环境配置**
重置两台虚拟机,以下操作在desktop上进行
vim /etc/sysconfig/network-scripts/ifcfg-eth0 ##**网络配置**
BOOTPROTO=none
IPADDR=172.25.254.141
PREFIX=24
systemctl restart network ##**重启网络**
vim /etc/yum.repos.d/... ##**编辑yum源**
yum clean all ##**清除yum缓存**
hostnamectl set-hostname westos-mail.westos.com
dns解析
yum install bind -y
systemctl start named
vim /etc/named.conf
11 // listen-on port 53 { 127.0.0.1; }; ##**注释后named在所有接口上监听53端口**
12 // listen-on-v6 port 53 { ::1; };
17 // allow-query { localhost; }; ##**注释后接受任意主机的查询,仅适合隔离的实验网络**
32 dnssec-validation no; ##**关闭DNSSEC验证,仅为实验方便**
vim /etc/named.rfc1912.zones
zone "westos.com" IN {
type master;
file "westos.com.zone";
allow-update { none; };
};
zone "qq.com" IN {
type master;
file "qq.com.zone";
allow-update { none; };
};
vim /var/named/westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.141
westos.com. MX 1 172.25.254.141. ##**MX记录的目标按规范应为主机名(例如上面已定义的dns.westos.com.),而不是IP地址**
vim /var/named/qq.com.zone
systemctl restart named
vim /etc/resolv.conf
nameserver 172.25.254.141
以下操作在server上进行
vim /etc/sysconfig/network-scripts/ifcfg-eth0 ##**网络配置**
vim /etc/yum.repos.d/...
yum clean all
hostnamectl set-hostname qq-mail.qq.com
vim /etc/resolv.conf
nameserver 172.25.254.141
dig -t mx qq.com ####查看此域名是否正常##
dig -t mx westos.com ####查看此域名是否正常##
##**postfix**
1.
postfix提供smtp协议用来投递邮件
默认端口25
/var/log/maillog ##**mail日志存放点**
发送邮件
mail root@qq.com
Subject: www
sadad
afdad
. ##**.表示邮件结束**
EOT
mailq ##**查看邮件队列**
postqueue -f ##**重发邮件队列**
postsuper -d ##**清除邮件队列(-d后需给出队列ID,或用ALL清除全部)**
默认情况下邮件端口只在127.0.0.1上开启
2.主要配置(都配置)
(1)
vim /etc/postfix/main.cf ##**编辑配置文件**
76 myhostname = westos-mail.westos.com ##**指定mta主机名称**
83 mydomain = westos.com ##**指定mta主机域名**
99 myorigin = westos.com ##**指定邮件来源结尾(即@后的字符)**
119 inet_protocols = all ##**使用的IP协议族(IPv4/IPv6);25端口在哪些网络接口上开启由inet_interfaces决定,要在所有接口上监听需设置inet_interfaces = all**
164 mydestination = $myhostname, $mydomain, localhost, westos.com ##**接受邮件结尾字符(即@westos-mail.westos.com @westos.com root)**
systemctl stop firewalld ##**关闭火墙(仅限实验环境;生产环境应保持火墙开启,只放行smtp:firewall-cmd --permanent --add-service=smtp 后执行 firewall-cmd --reload)**
systemctl restart postfix.service ##**重启服务**
(2)测试:
mail 查看邮件
3.邮件别名
(1)
在收端编辑:
[root@qq-mail ~]# vim /etc/aliases ##**编辑文件**
别名: 真名
别名: :include:filename ##**群发邮件(filename可以为/etc/postfix/moreuser)**
[root@qq-mail ~]# vim filename ##**编辑更多user文件**
user1
user2
[root@westos-mail ~]# postalias /etc/aliases
(2)测试:
————发端————
mail 别名@qq.com
————收端————
mail查看邮件
mail -u username
4.通过远程主机发送邮件
(1)
远程主机(这里使用真机)
yum install telnet -y ##**下载telnet**
[root@foundation41 ~]# telnet 172.25.254.141 25 ##**远程通过172.25.254.141的25端口**
Trying 172.25.254.141...
Connected to 172.25.254.141.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
ehlo hello ##**向服务器表明身份,服务器返回其支持的扩展功能**
250-westos-mail.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@westos.com ##**邮件发送端**
250 2.1.0 Ok
rcpt to:root@qq.com ##**邮件接受端**
250 2.1.5 Ok
data ##**邮件内容**
354 End data with <CR><LF>.<CR><LF>
assdf ##**由此键入**
fafaf
fafaf
. ##**结束点**
250 2.0.0 Ok: queued as 13873246204
quit ##**退出**
221 2.0.0 Bye
Connection closed by foreign host.
(2)测试:
接受端:
mail 查看邮件
5.邮件访问控制
(1)
在mta上
发送端:
[root@westos-mail ~]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" ##**添加客户端访问控制,规则从查询表/etc/postfix/access中读取**
[root@westos-mail ~]# tail -n 1 /etc/postfix/main.cf ##**查看主配置文件的最后一行会发现参数已经添加**
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
[root@westos-mail ~]# vim /etc/postfix/access ##**编辑访问控制规则文件**
476 172.25.254.41 REJECT ##**最后一行添加要拒绝的主机**
[root@westos-mail ~]# postmap /etc/postfix/access ##**由规则文件生成查询表access.db(建立索引,并非加密)**
[root@westos-mail ~]# ls /etc/postfix/ ##**access.db为postfix实际读取的查询表文件**
access canonical header_checks master.cf relocated virtual
access.db generic main.cf moreuser transport
[root@westos-mail ~]# systemctl restart postfix.service ##**重启服务**
(2)测试:
[root@foundation41 ~]# telnet 172.25.254.141 25
Trying 172.25.254.141...
Connected to 172.25.254.141.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:root@qq.com
554 5.7.1 <unknown[172.25.254.41]>: Client host rejected: Access denied ##**发送邮件时发现被拒绝**
quit
221 2.0.0 Bye
Connection closed by foreign host.
6.限制用户发送
(1)
首先清除上次实验的控制
[root@westos-mail ~]# vim /etc/postfix/main.cf ##**注释掉邮件访问控制语句**
#smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
(2)
然后再开始实验
在mta上:
[root@westos-mail ~]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender" ##**限制用户发送邮件,规则保存在hash类型的查询表/etc/postfix/sender中(hash指查询表格式,并非加密)**
[root@westos-mail ~]# tail -n 1 /etc/postfix/main.cf ##**查看主配置文件发现参数已经添加**
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender
[root@westos-mail ~]# vim /etc/postfix/sender ##**编辑规则文件,写入要限制的用户**
student@westos.com REJECT
[root@westos-mail ~]# postmap /etc/postfix/sender ##**由规则文件生成查询表sender.db(建立索引,并非加密)**
[root@westos-mail ~]# ls /etc/postfix/ ##**sender.db即生成的查询表文件**
access canonical header_checks master.cf relocated sender.db virtual
generic main.cf moreuser sender transport
[root@westos-mail ~]# systemctl restart postfix.service ##**重启服务**
(3)测试:
[root@foundation41 Desktop]# telnet 172.25.254.141 25
Trying 172.25.254.141...
Connected to 172.25.254.141.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:student@westos.com
250 2.1.0 Ok
rcpt to:root@qq.com
554 5.7.1 <student@westos.com>: Sender address rejected: Access denied ##**发送被限制**
7.限制用户接收
(1)
在mta上:
[root@westos-mail ~]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip" ##**限制用户接收邮件,规则保存在hash类型的查询表/etc/postfix/recip中(hash指查询表格式,并非加密)**
[root@westos-mail ~]# vim /etc/postfix/recip ##**编辑规则文件,写入要限制的用户**
westos@westos.com REJECT
[root@westos-mail ~]# postmap /etc/postfix/recip ##**由规则文件生成查询表recip.db(建立索引,并非加密)**
[root@westos-mail ~]# ls /etc/postfix/
access generic main.cf moreuser recip.db sender transport
canonical header_checks master.cf recip relocated sender.db virtual
[root@westos-mail ~]# systemctl restart postfix.service ##**重启服务**
(2)测试:
[root@foundation41 Desktop]# telnet 172.25.254.141 25
Trying 172.25.254.141...
Connected to 172.25.254.141.
Escape character is '^]'.
220 westos-mail.westos.com ESMTP Postfix
mail from:westos@westos.com ##**发送者**
250 2.1.0 Ok
rcpt to:root@qq.com ##**接收者**
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
123
1213
.
250 2.0.0 Ok: queued as 06562EAC27 ##**由此看出westos@westos.com可以发送邮件**
mail from:root@qq.com
250 2.1.0 Ok
rcpt to:westos@westos.com
554 5.7.1 <westos@westos.com>: Recipient address rejected: Access denied ##**由此看出不能接受邮件**
quit
221 2.0.0 Bye
Connection closed by foreign host.
8.出站地址伪装
(1)
[root@westos-mail ~]# postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" ##**出站地址伪装**
[root@westos-mail ~]# vim /etc/postfix/generic ##**编辑地址伪装文件**
真实名称 伪装名称
westos@westos.com hello@gmail.com
[root@westos-mail ~]# postmap /etc/postfix/generic ##**生成查询表generic.db(建立索引,并非加密)**
[root@westos-mail ~]# systemctl restart postfix.service ##**重启服务**
(2)测试:
[root@westos-mail ~]# su - westos
[westos@westos-mail ~]$ mail root@qq.com
[root@qq-mail ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 2 messages 2 new
>N 1 westos@westos.com Sat May 20 21:44 14/492
N 2 hello@gmail.com Sat May 20 22:30 22/727 "123"
9.入站地址转换
(1)
[root@westos-mail ~]# vim /etc/postfix/main.cf ##**编辑主配置文件,注释westos用户不能收件的功能**
#smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip
(2)DNS解析
[root@westos-mail ~]# vim /etc/named.rfc1912.zones
zone "gmail.com" IN {
type master;
file "gmail.com.zone";
allow-update { none; };
};
[root@westos-mail ~]# cp -p /var/named/westos.com.zone /var/named/gmail.com.zone
[root@westos-mail ~]# vim /var/named/gmail.com.zone
把westos换成gmail
[root@westos-mail ~]# systemctl restart named
dig -t mx gmail.com
(3)转换地址
[root@westos-mail ~]# postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" ##**入站地址转换**
[root@westos-mail ~]# vim /etc/postfix/virtual ##**编辑虚拟地址转换文件**
虚拟名称 真实名称
hello@gmail.com westos@westos.com
[root@westos-mail ~]# postmap /etc/postfix/virtual ##**生成查询表virtual.db(建立索引,并非加密)**
[root@westos-mail ~]# systemctl restart postfix.service ##**重启服务**
(4)测试
[root@qq-mail ~]# mail hello@gmail.com ##**向hello@gmail.com回复邮件**
[root@westos-mail ~]# mail -u westos
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/westos": 1 message
> 1 root Sat May 20 22:39 23/731 "2333"
& 1
Message 1:
From root@qq.com Sat May 20 22:39:54 2017
Return-Path: <root@qq.com>
X-Original-To: hello@gmail.com ##**虚拟名称**
Delivered-To: westos@westos.com ##**转换成了真实名称**
#####出站地址伪装和入站地址转换构成了企业邮箱功能
##**dovecot**
1.
/etc/services 端口文件
dovecot 用来提供收件协议
pop3 110
imap 143
imaps 993
pop3s 995
给定用户名称,用户密码,dovecot程序代我们去看这个用户的邮件文件
2.下载
yum install dovecot -y ##**下载dovecot**
3.配置
vim /etc/dovecot/dovecot.conf ##**编辑主配置文件**
24 protocols = imap pop3 lmtp ##**使用imap pop3 lmtp协议**
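48 login_trusted_networks = 0.0.0.0/0 ##**把所有地址都列为可信网络(可信网络不受disable_plaintext_auth限制),仅限实验环境**
49 disable_plaintext_auth = no ##**允许明文密码登陆(口令在网络上明文传输,仅限实验;生产环境应启用SSL/TLS,如使用imaps 993/pop3s 995,并保持disable_plaintext_auth = yes)**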
vim /etc/dovecot/conf.d/10-mail.conf ##**编辑子配置文件**
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u ##**用户邮件所在地**
#mbox - mail's box
#~/mail - 用户家目录/mail
#INBOX=/var/mail/%u - INBOX中存放的是/var/mail/%u中的文件
#%u - username
systemctl restart dovecot ##**重启服务**
[root@westos-mail ~]# su - westos ##**切换westos用户**
[westos@westos-mail ~]$ pwd
/home/westos
[westos@westos-mail ~]$ mkdir mail/.imap/ -p ##**建立邮件目录**
[westos@westos-mail ~]$ touch mail/.imap/INBOX ##**建立邮件存储文件**
[root@westos-mail ~]# mkdir /etc/skel/mail/.imap -p ##**建立用户(新建立的所有)邮件目录**
[root@westos-mail ~]# touch /etc/skel/mail/.imap/INBOX ##**建立用户(新建立的所有)邮件存储文件**
4.测试
mutt -f pop://westos@172.25.254.141 ##**查看邮件**
##**postfix+mysql**
1.数据库基础设置
yum install httpd php php-mysql.x86_64 mariadb-server.x86_64 -y
mv /etc/postfix/main.cf /mnt ##**备份配置文件**
yum reinstall postfix.x86_64 ##**重新下载**
vim /etc/postfix/main.cf
systemctl restart postfix.service
systemctl start mariadb
mysql_secure_installation ##**数据库安全初始化(设置root密码、删除匿名用户、禁止root远程登录、删除test库)**
tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2 -C /var/www/html/ ##**3.4.0是很旧的版本,仅用于实验;实际使用应换成仍在维护的版本并限制可访问的来源地址**
rm *.bz2 -f
mv phpMyAdmin-3.4.0-all-languages/ admin/
cp /var/www/html/admin/config.sample.inc.php /var/www/html/admin/config.sample.php ##**注意:phpMyAdmin读取的配置文件名是config.inc.php,请确认目标文件名**
vim /var/www/html/admin/config.sample.php
vim /etc/my.cnf
systemctl restart mariadb
systemctl restart httpd
-----web建立表格
mysql -uroot -pwestos ##**密码写在命令行会留在history和进程列表中,建议只写-p后按提示输入**
create user postuser@localhost identified by 'postuser'; ##**建立数据库用户(口令与用户名相同仅为演示,实际应使用强口令)**
grant select,update,insert on email.* to postuser@localhost; ##**授权(postfix只做查询,按最小权限原则只需select)**
2.设置postfix
(1)用户名查询
vim /etc/postfix/mailuser.cf ##**用户名查询**
hosts = localhost ##**数据库所在主机**
user = postuser ##**登陆数据库的用户**
password = postuser ##**登陆数据库的用户的密码(明文保存,应限制该文件的读取权限,如chown root:postfix并chmod 640)**
dbname = email ##**postfix要查询的库名称**
table = emailuser ##**postfix要查询的表的名称**
select_field = username ##**postfix要查询的字段**
where_field = username ##**用户给定的postfix的查询条件**
(2)用户域名查询
vim /etc/postfix/maildomain.cf ##**用户域名查询**
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = domain
where_field = domain
(3)用户邮箱位置查询
vim /etc/postfix/mailbox.cf ##**用户邮箱位置查询**
hosts = localhost
user = postuser
password = postuser
dbname = email
table = emailuser
select_field = maildir
where_field = username
(4)测试
[root@westos-mail postfix]# postmap -q "lee@lee.com" mysql:/etc/postfix/mailuser.cf
lee@lee.com
[root@westos-mail postfix]# postmap -q "lee.com" mysql:/etc/postfix/maildomain.cf
lee.com
[root@westos-mail postfix]# postmap -q "lee@lee.com" mysql:/etc/postfix/mailbox.cf
/mnt/lee.com/lee/
3.配置postfix
(1)
groupadd -g 666 vmail
useradd -s /sbin/nologin -u 666 vmail -g 666
(2)
postconf -e "virtual_mailbox_base = /home/vmail"
postconf -e "virtual_uid_maps = static:666"
postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf"
postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf"
postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf"
systemctl restart postfix.service
(3)
mail lee@lee.com
ls /home/vmail
关于team链路聚合的学习--------------
1.team也是链路聚合的一种方式
最多支持八块网卡
支持模式:
广播,轮询,主备,负载均衡
2.配置
nmcli connection add con-name team0 ifname team0 type team config '{"runner":{"name":"activebackup"}}' ip4 172.25.254.142/24
nmcli connection add con-name eth0 ifname eth0 type team-slave master team0
nmcli connection add con-name eth1 ifname eth1 type team-slave master team0
3.测试
watch -n 1 teamdctl team0 stat ####监测工作状态
ping 172.25.254.42 ####查看网络连接状态
ifconfig eth0 down
ifconfig eth0 up
[root@foundation42 Desktop]# rht-vmctl poweroff desktop ####关掉虚拟机
Powering off desktop..
[root@foundation42 Desktop]#
[root@foundation42 Desktop]# cd /etc/sysconfig/network-scripts/
[root@foundation42 network-scripts]# ls
ifcfg-br0 ifdown-isdn ifup-bnep ifup-routes
ifcfg-enp0s25 ifdown-post ifup-eth ifup-sit
ifcfg-lo ifdown-ppp ifup-ib ifup-Team
ifcfg-wlp3s0 ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
ifdown-bnep ifdown-Team ifup-isdn ifup-wireless
ifdown-eth ifdown-TeamPort ifup-plip init.ipv6-global
ifdown-ib ifdown-tunnel ifup-plusb network-functions
ifdown-ippp ifup ifup-post network-functions-ipv6
ifdown-ipv6 ifup-aliases ifup-ppp
[root@foundation42 network-scripts]# mv ifcfg-br0 ifcfg-enp0s25 /mnt/ ####备份br0
[root@foundation42 network-scripts]# nm-connection-editor ####删掉system enp0s25 和 bridge enp0s25
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
** (nm-connection-editor:5872): WARNING **: Unsupported connection type 'generic'
** (nm-connection-editor:5872): WARNING **: Unsupported connection type 'generic'
[root@foundation42 network-scripts]# vim ifcfg-enp0s25 ####编写配置
DEVICE=enp0s25
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.42
NETMASK=255.255.255.0
[root@foundation42 network-scripts]# systemctl stop NetworkManager.service ###关掉服务
[root@foundation42 network-scripts]# systemctl restart network ####重启网络
[root@foundation42 network-scripts]# ls
ifcfg-enp0s25 ifdown-post ifup-eth ifup-sit
ifcfg-lo ifdown-ppp ifup-ib ifup-Team
ifcfg-wlp3s0 ifdown-routes ifup-ippp ifup-TeamPort
ifdown ifdown-sit ifup-ipv6 ifup-tunnel
ifdown-bnep ifdown-Team ifup-isdn ifup-wireless
ifdown-eth ifdown-TeamPort ifup-plip init.ipv6-global
ifdown-ib ifdown-tunnel ifup-plusb network-functions
ifdown-ippp ifup ifup-post network-functions-ipv6
ifdown-ipv6 ifup-aliases ifup-ppp
ifdown-isdn ifup-bnep ifup-routes
-------------------网桥---------------
真实主机中
[root@foundation42 ~]# cd /etc/sysconfig/network-scripts/
[root@foundation42 network-scripts]# vim ifcfg-enp0s25
DEVICE=enp0s25 ####设备名称
ONBOOT=yes ####开启服务设备自动激活
BOOTPROTO=none ####网卡工作状态
BRIDGE=br0 ####网卡开启的网桥接口
[root@foundation42 network-scripts]# vim ifcfg-br0
DEVICE=br0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.42
NETMASK=255.255.255.0
TYPE=Bridge ####网络接口类型是桥接
[root@foundation42 network-scripts]# systemctl stop NetworkManager.service ####服务用来记录网卡位置
[root@foundation42 network-scripts]# systemctl restart network ####重启网络
[root@foundation42 network-scripts]# systemctl start NetworkManager.service
[root@foundation42 network-scripts]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.42 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::221:ccff:feb8:6c5d prefixlen 64 scopeid 0x20<link>
ether 00:21:cc:b8:6c:5d txqueuelen 0 (Ethernet)
RX packets 40 bytes 4311 (4.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24 bytes 3144 (3.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
/恢复:
[root@foundation42 network-scripts]# mv ifcfg-br0 ifcfg-enp0s25 /mnt/ ####备份br0
[root@foundation42 network-scripts]# vim ifcfg-enp0s25 ####编写配置
DEVICE=enp0s25
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.42
NETMASK=255.255.255.0
---命令管理方式--
虚拟主机中
添加:
nm-connection-editor ###删除team0
systemctl stop NetworkManager.service ####服务用来记录网卡位置
brctl show ####显示网桥
brctl addbr br0 ###添加网桥
brctl addif br0 eth0 ####把eth0接口加入网桥br0
ifconfig eth0 up ####开启接口
ifconfig br0 172.25.254.142 netmask 255.255.255.0 ####配置br0
brctl show ####显示网桥
ping 172.25.254.250 ####查看网络状态
删除:
ifconfig br0 down ####关掉br0
brctl delif br0 eth0 ####断开网桥接口
brctl delbr br0 ###删除网桥
brctl show ####显示网桥
----------ipv6---------
1.internet proto version 6
ipv4 32/2 地址枯竭 子网掩码 24 16 8
ipv6 128/2 子网 16 32 48 64 80
128/2 --------> 128/8 16 ------> 0-f
2017:0:0:0:f:0:0:1
重置虚拟机
systemctl stop NetworkManager.service ####服务用来记录网卡位置
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.254.142
NETMASK=255.255.255.0
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR=2017::42/64
systemctl restart network
ping6 2017::a