邮件服务器是大型公司必备的一项,因为公司内部都需要依靠邮件来传输信息,邮件一般都采用POP3和SMTP服务,搭建服务的程序有很多,比较出名的微软,IMB都有自己的邮件服务软件,我们这里是在LINUX下建立邮件服务器,使用的是开源的postfix和dovecot分别来做为发邮件和收邮件的服务。
邮件服务器需要域名的解析所以我们需要DNS服务,然后配置两个服务就可以通过邮件管理程序(MUT)来进行收发邮件了,如果需要也可以安装webmail系统,实现网页的mail访问,下面以squirrelmail为例,
实验拓扑:
DNS Server 主机A
Mail Server 主机B
Win7 Client 主机W
实验要求:
在DNS Master上搭建DNS,能够解析mail.tarena.com
在Mail Server上部署邮件服务器
在Win7上安装Foxmail测试
主机A的配置(配置DNS)
前面有文件专门说明DNS,这里只写入了需要添加的,来指定mail服务器的域名解析
|
[[email protected] named]# cat tarena.com.zone $TTL 86400 @ IN SOA tarena.com. root.tarena.com. ( 2013122401 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expiry 1D ) ; minimum IN NS dns1.tarena.com. IN MX 5 mail.tarena.com. //邮件服务器的域名 dns1 IN A 192.168.10.253 mail IN A 192.168.10.252 //解析邮件服务器的域名 |
Mail Server配置(配置SMTP服务器)
1、前提条件(测试DNS)
|
[[email protected] ~]# host -t mx tarena.com tarena.com mail is handled by 5 mail.tarena.com. [[email protected] ~]# host mail.tarena.com mail.tarena.com has address 192.168.10.252 |
2、设置邮件服务器的主机名
|
[[email protected] ~]# grep HOSTNAME /etc/sysconfig/network HOSTNAME=mail.tarena.com [[email protected] ~]# hostname mail.tarena.com |
3、安装Postfix
postfix的端口是25,有可能会被sendmail占用,这时我们需要先关闭sendmail服务,可以先查看一下,
如果没有可跳过
|
[[email protected] ~]# netstat -tulnp | grep :25 //查看25端口 tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4079/sendmail [[email protected] ~]# service sendmail stop //关闭服务 [[email protected] ~]# chkconfig sendmail off [[email protected] ~]# yum -y install postfix [[email protected] ~]# chkconfig --add postfix [[email protected] ~]# chkconfig --list postfix postfix 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 |
4、修改主配置文件
postfix的主配置文件内容很多,我们可以使用postconf -n命令导出非默认的设置,用此文件来替换原配置文件,这样配置文件就从600多行变成30多行了,方便我们查看更改。保留原文件做为备份
|
[[email protected] ~]# cd /etc/postfix/ [[email protected] postfix]# postconf -n >tmp.txt [[email protected] postfix]# mv main.cf main.cf.bak [[email protected] postfix]# mv tmp.txt main.cf |
|
[[email protected] postfix]# vim main.cf ... 8 #inet_interfaces = localhost //监听端口 20 myhostnasme = mail.tarena.com //邮件服务器主机名 21 mydomain = tarena.com //邮件服务器所在区域 22 myorigin = $mydomain //发件人DNS后缀 23 mydestination = $mydomain //指定Postfix允许处理的邮件 24 home_mailbox = Maildir/ //邮箱类型 25 mynetworks = 192.168.10.0/24 //设置允许哪些客户端直接将需要转发到外部区域的邮件提交给Postfix |
4、检查语法启动服务
|
[[email protected] postfix]# postfix check [[email protected] postfix]# postfix reload [[email protected] postfix]# netstat -tulnp | grep :25 tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 6015/master |
测试:
先建立两个账号,用来邮件收发的测试
|
[[email protected] ~]# useradd yg [[email protected] ~]# useradd xln [[email protected] ~]# echo 123456 | passwd --stdin yg [[email protected] ~]# echo 123456 | passwd --stdin xln |
进入测试
|
[[email protected] ~]# telnet mail.tarena.com 25 //连接服务器 Trying 192.168.10.10... Connected to mail.tarena.com (192.168.10.10). Escape character is ‘^]‘. 220 mail.tarena.com ESMTP Postfix helo localhost //宣告客户端 250 mail.tarena.com mail from:[email protected] //邮件来自 250 2.1.0 Ok rcpt to:[email protected] //邮件发往 250 2.1.5 Ok data //邮件正文 354 End data with <CR><LF>.<CR><LF> subject Test mail! //邮件主题 hello,byebye . //邮件结束 250 2.0.0 Ok: queued as A967D324DE8 quit //退出 221 2.0.0 Bye Connection closed by foreign host. |
查看Mail的日志,
|
[[email protected] ~]# tail /var/log/maillog ... Dec 24 11:49:27 ser1 postfix/smtpd[14064]: connect from ser1.tarena.com[192.168.10.10] Dec 24 11:50:20 ser1 postfix/smtpd[14064]: A967D324DE8: client=ser1.tarena.com[192.168.10.10] Dec 24 11:51:09 ser1 postfix/cleanup[14083]: A967D324DE8: message-id=<[email protected]> Dec 24 11:51:09 ser1 postfix/qmgr[13913]: A967D324DE8: from=<[email protected]>, size=367, nrcpt=1 (queue active) //上面是发件人,下面是收件人 Dec 24 11:51:09 ser1 postfix/local[14099]: A967D324DE8: to=<[email protected]>, relay=local, delay=63, delays=63/0.01/0/0.05, dsn=2.0.0, status=sent(delivered to maildir) // status=sent表示发送成功 Dec 24 11:51:09 ser1 postfix/qmgr[13913]: A967D324DE8: removed Dec 24 11:51:14 ser1 postfix/smtpd[14064]: disconnect from ser1.tarena.com[192.168.10.10] [[email protected] ~]# ls ~xln/Maildir/new/ 1387857069.V802I3ec114M561364.mail.tarena.com //下面是查看刚刚发送的邮件 [[email protected] ~]# cat ~xln/Maildir/new/1387857069.V802I3ec114M561364.mail.tarena.com Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from localhost (ser1.tarena.com [192.168.10.10]) by mail.tarena.com (Postfix) with SMTP id A967D324DE8 for <[email protected]>; Tue, 24 Dec 2013 11:50:06 +0800 (CST) Message-Id: <[email protected]> Date: Tue, 24 Dec 2013 11:50:06 +0800 (CST) From: [email protected] To: undisclosed-recipients:; subject Test mail! hello,byebye |
Mail Server配置(配置POP服务器)
1、安装dovecot
dovecot默认配置就可以使用,安装完后启动服务,就可以使用了
|
[[email protected] ~]# yum -y install dovecot |
2、配置主配置文件
|
[[email protected] ~]# vim /etc/dovecot.conf ... 205 mail_location = maildir:~/Maildir //设置邮箱路径 |
3、启动服务
|
[[email protected] ~]# service dovecot restart [[email protected] ~]# chkconfig dovecot on [[email protected] ~]# netstat -tulnp | grep dovecot tcp 0 0 :::110 :::* LISTEN 16835/dovecot tcp 0 0 :::143 :::* LISTEN 16835/dovecot |
测试:
|
[[email protected] ~]# telnet mail.tarena.com 110 //连接服务器 Trying 192.168.10.10... Connected to mail.tarena.com (192.168.10.10). Escape character is ‘^]‘. +OK Dovecot ready. user xln //输入账户 +OK pass 123456 //输入密码 +OK Logged in. list //列出邮件 +OK 1 messages: 1 458 . retr 1 //查看邮件1 +OK 458 octets Return-Path: <[email protected]> X-Original-To: [email protected] Delivered-To: [email protected] Received: from localhost (ser1.tarena.com [192.168.10.10]) by mail.tarena.com (Postfix) with SMTP id A967D324DE8 for <[email protected]>; Tue, 24 Dec 2013 11:50:06 +0800 (CST) Message-Id: <[email protected]> Date: Tue, 24 Dec 2013 11:50:06 +0800 (CST) From: [email protected] To: undisclosed-recipients:; subject Test mail! hello,bybye . quit +OK Logging out. Connection closed by foreign host. |
SMTP认证控制
1、安装,启动saslauthd服务
|
[[email protected] ~]# rpm -q cyrus-sasl cyrus-sasl-2.1.22-7.el5_8.1 [[email protected] ~]# cat /etc/sasl2/smtpd.conf pwcheck_method: saslauthd [[email protected] ~]# service saslauthd start [[email protected] ~]# chkconfig saslauthd on [[email protected] ~]# testsaslauthd -u yg -p 123456 -s smtp //检查saslauthd服务 0: OK "Success." |
2、调整postfix配置,启用认证
|
[[email protected] ~]# vim /etc/postfix/main.cf ... 25 mynetworks = 127.0.0.1 //设置本地网络 26 smtpd_sasl_auth_enable = yes //启用SASL认证 27 smtpd_sasl_security_options = noanonymous //阻止匿名发信 28 smtpd_recipient_restrictions = //设置收件人过滤 29 permit_mynetworks, //允许来自mynetworks的客户 30 permit_sasl_authenticated, //允许已通过sasl认证的用户 31 reject_unauth_destination //拒绝向未授权的目标域发信 [[email protected] ~]# service postfix restart |
3、测试
通过下面的命令算认证,下面测试会用到
|
[[email protected] ~]# printf "yg"| openssl base64 eWc= [[email protected] ~]# printf "123456"| openssl base64 MTIzNDU2 |
|
[[email protected] ~]# telnet mail.tarena.com 25 //连接服务器 Trying 192.168.10.10... Connected to mail.tarena.com (192.168.10.10). Escape character is ‘^]‘. 220 mail.tarena.com ESMTP Postfix mail from:[email protected] 250 2.1.0 Ok rcpt to:[email protected] 554 5.7.1 <[email protected]>: Relay access denied quit 221 2.0.0 Bye Connection closed by foreign host. |
|
[[email protected] ~]# telnet mail.tarena.com 25 //连接服务器 telnet mail.tarena.com 25 Trying 192.168.10.10... Connected to mail.tarena.com (192.168.10.10). Escape character is ‘^]‘. 220 mail.tarena.com ESMTP Postfix helo localhost 250 mail.tarena.com auth login 334 VXNlcm5hbWU6 eWc= 334 UGFzc3dvcmQ6 MTIzNDU2 235 2.0.0 Authentication successful mail from:[email protected] 250 2.1.0 Ok rcpt to:[email protected] 250 2.1.5 Ok quit 221 2.0.0 Bye Connection closed by foreign host. |
邮件过滤
1、根据客户端地址过滤
|
[[email protected] ~]# tail -n 2 /etc/postfix/access 192.168.10.53 REJECT 192.168.10.50 OK [[email protected] ~]# postmap /etc/postfix/access [[email protected] ~]# vim /etc/postfix/main.cf ... 32 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access [[email protected] ~]# postfix reload 做完这个实验请将main.cf 32行注释 |
2、根据发信人地址过滤
34到38行前面是有一个空格的,表是接上一行的内容,可以把他们当成是一行,因为一行写不下才这样写的。
|
[[email protected] ~]# cat /etc/postfix/sender_access [email protected] REJECT [[email protected] ~]# postmap /etc/postfix/sender_access [[email protected] ~]# vim /etc/postfix/main.cf ... 33 smtpd_sender_restrictions = 34 permit_mynetworks, //若从mynetworks网络访问则允许 35 reject_sender_login_mismatch, //发件人与登录信息不符时拒绝 36 reject_non_fqdn_sender, //拒绝不完整的发件域 37 reject_unknown_sender_domain, //拒绝未知的收件域 38 check_sender_access hash:/etc/postfix/sender_access //指定策略库 [[email protected] ~]# service postfix restart 做完这个实验请将main.cf 33-38行注释 |
搭建Webmail系统
需要HTTPD服务,只要启动就可以。
1、安装squirrelmail
|
[[email protected] ~]# yum -y install squirrelmail |
2、配置squirrelmail
|
[[email protected] ~]# vim /etc/squirrelmail/config.php ... 26 $squirrelmail_default_language = ‘zh_CN‘; //默认语言改成中文 28 $domain = ‘tarena.com‘; //域名 29 $imapServerAddress = ‘192.168.10.10‘; //收邮件地址 32 $smtpServerAddress = ‘192.168.10.10‘; //发邮件地址 |
3、启动httpd服务
|
[[email protected] ~]# service httpd restart [[email protected] ~]# chkconfig httpd on |
测试:
在流览器上输入下面的地址,试试自已搭建的网页邮箱吧
http://mail.tarena.com/webmail