How mail delivery works
When sending mail:
The user hands the message to the MTA through an MUA.
The MTA first passes the message to the MDA.
The MDA handles the message differently depending on the recipient:
Recipient and sender are in the same domain: the MDA stores the message in the corresponding mailbox location.
Recipient and sender are in different domains: the MDA hands the message back to the MTA.
The MTA queries DNS for the IP address of the recipient's MTA.
The message is delivered to the recipient's MTA.
The MTA in the recipient's domain passes the message to its MDA.
The MDA stores the message in the corresponding mailbox location.
When receiving mail:
The user connects to the MRA through an MUA.
The MRA retrieves the message from the mailbox location and passes it back to the MUA.
MUA: mail user agent, the client software used to send and receive mail.
MTA: mail transfer agent, the mail server software deployed on the server.
MDA: mail delivery agent, stores messages in the appropriate location on the mail server.
MRA: mail retrieval agent, provides a standard interface for the MUA to read mail, mainly over the POP3 and IMAP protocols.
Mail-related protocols
SMTP: Simple Mail Transfer Protocol, TCP 25
POP3: Post Office Protocol version 3, TCP 110
POP3S: POP3 with encryption, TCP 995
IMAP: Internet Message Access Protocol, TCP 143
IMAPS: IMAP with encryption, TCP 993
To set up a mail service, first configure the corresponding DNS records.
[root@server1 named]# vim /var/named/chroot/var/named/tarena.com.zone
$TTL 86400
@       IN SOA  example.com. root.example.com. (
                2014030601 ; Serial
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   dns1.example.com.
        IN MX 5 mail.example.com.        ; add the MX record
dns1    IN A    192.168.10.254
;www    IN A    192.168.10.1
mail    IN A    192.168.10.1             ; add the A record
[root@server1 named]# service named restart
Check the MX record
[root@localhost ~]# host -t mx example.com
example.com mail is handled by 5 mail.example.com.
Check address resolution
[root@localhost ~]# host mail.example.com
mail.tarena.com has address 192.168.10.1
Set up the sending service. Postfix listens on port 25 and the sendmail service also uses port 25, so the sendmail service has to be stopped first.
[root@localhost ~]# service sendmail stop
[root@localhost ~]# chkconfig sendmail off
Install the postfix package
[root@localhost ~]# yum install postfix -y
[root@localhost ~]# chkconfig --add postfix
[root@localhost ~]# chkconfig --list postfix
postfix 0:關閉 1:關閉 2:啓用 3:啓用 4:啓用 5:啓用 6:關閉
The postconf command: the -n option shows settings that differ from the defaults, -d shows the defaults. Filter out the non-default settings and write them to main.cf.
[root@localhost postfix]# postconf -n > ls.txt
[root@localhost postfix]# mv main.cf main.cf.bak
[root@localhost postfix]# mv ls.txt main.cf
Edit the Postfix main configuration file main.cf.
[root@localhost postfix]# vim /etc/postfix/main.cf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
#inet_interfaces = localhost    comment this line out: if it is present the process listens on port 25 of the loopback interface only; once commented out it listens on port 25 of all interfaces. A specific listening address can also be given instead.
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, $mydomain    the recipient domains that are delivered locally
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
myhostname = mail.example.com    server hostname
mydomain = example.com    primary mail domain
myorigin = $mydomain    sender domain used for outgoing mail
home_mailbox = Maildir/    mailbox location and format: mailbox keeps one mail file per user, Maildir keeps one mail directory per user
Check the service status on port 25
[root@localhost postfix]# netstat -autn | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
[root@localhost postfix]# service postfix restart
Create two ordinary users and set their passwords; give them a shell that does not allow login.
[root@localhost postfix]# useradd -s /sbin/nologin jacky
[root@localhost postfix]# useradd -s /sbin/nologin hunter
Send mail
[root@localhost postfix]# telnet mail.example.com 25
Trying 192.168.10.1...
Connected to mail.example.com (192.168.10.1).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
MAIL FROM:[email protected]    sender
250 2.1.0 Ok
RCPT TO:[email protected]    recipient
250 2.1.5 Ok
DATA    the message content follows
354 End data with <CR><LF>.<CR><LF>
SUBJECT:TEST    message subject
jslaknmgam;lfsad.
.
250 2.0.0 Ok: queued as 6D8CF3152DC
Quit    exit
221 2.0.0 Bye
Connection closed by foreign host.
The message just sent can be seen in the Maildir directory of the recipient's home directory: new holds unread new mail, cur holds mail that has already been read.
[root@localhost ~]# ls /home/hunter/Maildir/
cur new tmp
Install the dovecot retrieval service.
[root@localhost ~]# yum install dovecot -y
[root@localhost ~]# service dovecot restart
[root@localhost ~]# chkconfig dovecot on
Edit the dovecot main configuration file. Normally no changes are needed.
[root@localhost ~]# vim /etc/dovecot.conf
[root@localhost ~]# telnet mail.example.com 110
Trying 192.168.10.1...
Connected to mail.example.com (192.168.10.1).
Escape character is '^]'.
+OK Dovecot ready.
user hunter    enter the username
+OK
pass 123    enter the password
+OK Logged in.
List    list the messages
+OK 1 messages:
1 445
.
retr 1    show the content of the given message
+OK 445 octets
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from unknown (unknown [192.168.10.1])
        by mail.tarena.com (Postfix) with SMTP id BC2123152DC
        for <[email protected]>; Mon, 10 Mar 2014 11:23:30 +0800 (CST)
Message-Id: <[email protected]>
Date: Mon, 10 Mar 2014 11:23:30 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;

mklsml;sma;mg.
.
quit    exit
+OK Logging out.
Connection closed by foreign host.
SMTP authentication control.
The cyrus-sasl package must be installed.
[root@localhost ~]# rpm -q cyrus-sasl
cyrus-sasl-2.1.22-7.el5_8.1
Edit the main configuration file. It does not exist yet and has to be created; /usr/lib64/sasl2/smtpd.conf can be used as a template.
[root@localhost ~]# vim /etc/sasl2/smtpd.conf
:r /usr/lib64/sasl2/smtpd.conf    read the template into the new file
pwcheck_method: saslauthd
[root@localhost ~]# service saslauthd restart
[root@localhost ~]# chkconfig saslauthd on
Check the saslauthd service
[root@localhost ~]# testsaslauthd -u hunter -p 123 -s smtp
0: OK "Success."
Edit the Postfix main configuration file
[root@localhost ~]# vim /etc/postfix/main.cf
mynetworks = 127.0.0.1    the local network
smtpd_sasl_auth_enable = yes    enable SASL authentication
smtpd_sasl_security_options = noanonymous    block anonymous sending
smtpd_recipient_restrictions =    recipient filtering (when a value is too long, press Enter and start the next line with whitespace to continue the previous line)
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination    refuse to send to destination domains we are not authorised for
[root@localhost ~]# service postfix restart
Obtain the base64-encoded authentication strings (both the username and the password are needed).
[root@localhost ~]# printf "hunter" | openssl base64
aHVudGVy
[root@localhost ~]# printf "123" | openssl base64
MTIz
From now on, sending mail requires logging in with a username and password before it is allowed.
[root@localhost ~]# telnet mail.example.com 25
Trying 192.168.10.1...
Connected to mail.example.com (192.168.10.1).
Escape character is '^]'.
220 mail.example.com ESMTP Postfix
auth login    login command
334 VXNlcm5hbWU6
aHVudGVy    the base64-encoded username
334 UGFzc3dvcmQ6
MTIz    the base64-encoded password
235 2.0.0 Authentication successful
mail from:[email protected]    sender
250 2.1.0 Ok
rcpt to:[email protected]    recipient
250 2.1.5 Ok
data    message content
354 End data with <CR><LF>.<CR><LF>
219u03213213.
.
250 2.0.0 Ok: queued as 35E18315309
Quit    exit
221 2.0.0 Bye
Connection closed by foreign host.
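The point of that restriction list is that an unauthenticated outside client can deliver to our own domains but cannot relay through the server. The following Python model (added here; it is neither the page's nor Postfix's code) shows how smtpd walks smtpd_recipient_restrictions left to right: the first PERMIT or REJECT decides, DUNNO falls through, and running off the end accepts. It assumes only $mydestination matters for reject_unauth_destination (relay_domains and the virtual domain parameters are left out) and uses the page's network and domain values; 10.0.0.5 is a constructed outside client address.

```python
import ipaddress

# Values taken from the page's main.cf: mynetworks = 127.0.0.1 and
# mydestination = $myhostname, $mydomain with mail.example.com / example.com.
MYNETWORKS = ["127.0.0.1/32"]
MYDESTINATION = {"mail.example.com", "example.com"}


def permit_mynetworks(client_ip, sasl_authenticated, recipient):
    """PERMIT when the connecting client sits inside a trusted network."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
        return "PERMIT"
    return "DUNNO"


def permit_sasl_authenticated(client_ip, sasl_authenticated, recipient):
    """PERMIT when the client completed SMTP AUTH (the AUTH LOGIN exchange above)."""
    return "PERMIT" if sasl_authenticated else "DUNNO"


def reject_unauth_destination(client_ip, sasl_authenticated, recipient):
    """REJECT unless this server is the final destination for the recipient domain.
    Simplification (assumption): only $mydestination is consulted; Postfix also
    checks relay_domains and the virtual_*_domains parameters."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return "DUNNO" if domain in MYDESTINATION else "REJECT"


# Same order as the page's smtpd_recipient_restrictions setting.
RESTRICTIONS = [permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination]


def smtpd_recipient_restrictions(client_ip, sasl_authenticated, recipient):
    """Evaluate the list left to right: the first PERMIT or REJECT decides,
    DUNNO falls through to the next entry, reaching the end accepts."""
    for restriction in RESTRICTIONS:
        verdict = restriction(client_ip, sasl_authenticated, recipient)
        if verdict != "DUNNO":
            return verdict, restriction.__name__
    return "PERMIT", "end of list"


if __name__ == "__main__":
    # Constructed RCPT TO attempts; 10.0.0.5 stands in for a client outside mynetworks.
    for case in [("10.0.0.5", False, "someone@example.net"),   # relay attempt
                 ("10.0.0.5", True, "someone@example.net"),    # authenticated user
                 ("127.0.0.1", False, "someone@example.net"),  # local submission
                 ("10.0.0.5", False, "hunter@example.com")]:   # inbound to our domain
        print(case, "->", smtpd_recipient_restrictions(*case))
```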
Mail filtering
Filtering by client address
[root@localhost ~]# vim /etc/postfix/access
192.168.10      REJECT
192.168.10.49   OK
Build the access.db access policy database
[root@localhost ~]# postmap /etc/postfix/access
Add the following to the main configuration file main.cf
[root@localhost ~]# vim /etc/postfix/main.cf
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
Reload the postfix service
[root@localhost ~]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
Filtering by sender
[root@localhost ~]# vim /etc/postfix/sender_access
[email protected]    REJECT
[root@localhost ~]# postmap /etc/postfix/sender_access
[root@localhost ~]# vim /etc/postfix/main.cf
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access
[root@localhost ~]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
Filtering by recipient
[root@localhost ~]# vim /etc/postfix/recipient_access
[email protected]    REJECT
[root@localhost ~]# postmap /etc/postfix/recipient_access
[root@localhost ~]# vim /etc/postfix/main.cf
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_recipient_access hash:/etc/postfix/recipient_access
[root@localhost ~]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
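Why 192.168.10.49 is allowed while the rest of 192.168.10 is rejected, regardless of the order of the two lines, comes down to the key lookup order of access(5). The Python below is an added model of that order (not the page's or Postfix's code): for a client IP the full address is tried before each shorter network prefix, and for a mail address user@domain is tried before the domain, its parent domains and user@. The client entries are the page's; the sender and recipient entries are constructed samples, and the tables are plain dicts standing in for the postmap hash: files.

```python
# Access tables as the page builds them, constructed here as dicts instead of
# the postmap hash: files. Client entries are from /etc/postfix/access above;
# the sender and recipient entries are constructed samples.
CLIENT_ACCESS = {"192.168.10": "REJECT", "192.168.10.49": "OK"}
SENDER_ACCESS = {"noreply@example.org": "REJECT"}       # constructed sample
RECIPIENT_ACCESS = {"root@example.com": "REJECT"}       # constructed sample


def ip_keys(ip):
    """Full IPv4 address first, then the network with trailing octets removed:
    192.168.10.49 -> 192.168.10 -> 192.168 -> 192.
    Assumption: the client hostname lookups Postfix does first are omitted."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def address_keys(address):
    """user@domain first, then the domain and each parent domain, then user@.
    This is the order with the default parent_domain_matches_subdomains, which
    lists smtpd_access_maps; the address is lower-cased as Postfix does."""
    user, domain = address.lower().rsplit("@", 1)
    labels = domain.split(".")
    parents = [".".join(labels[i:]) for i in range(len(labels))]
    return [f"{user}@{domain}", *parents, f"{user}@"]


def lookup(table, keys):
    """The first key present in the table wins. No match at all yields DUNNO,
    which hands the decision to the next entry of the restriction list."""
    for key in keys:
        if key in table:
            return table[key], key
    return "DUNNO", None


if __name__ == "__main__":
    # The full address matches before the network prefix, so the line order
    # in /etc/postfix/access does not matter.
    print(lookup(CLIENT_ACCESS, ip_keys("192.168.10.49")))   # ('OK', '192.168.10.49')
    print(lookup(CLIENT_ACCESS, ip_keys("192.168.10.7")))    # ('REJECT', '192.168.10')
    print(lookup(SENDER_ACCESS, address_keys("NoReply@Example.org")))
    print(lookup(RECIPIENT_ACCESS, address_keys("hunter@example.com")))  # ('DUNNO', None)
```

Note that in the page's restriction lists the check_sender_access and check_recipient_access entries come after permit_mynetworks (and permit_sasl_authenticated), so a REJECT entry only takes effect for clients those earlier entries did not already permit.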
Set up a webmail system
Install the squirrelmail package
[root@localhost ~]# yum -y install squirrelmail
[root@localhost ~]# rpm -q squirrelmail
squirrelmail-1.4.8-21.el5
[root@localhost ~]# grep "^Include" /etc/httpd/conf/httpd.conf
Include conf.d/*.conf
[root@localhost ~]# service httpd restart
[root@localhost ~]# tail -1 /etc/httpd/conf.d/squirrelmail.conf
Alias /webmail /usr/share/squirrelmail    alias for the access URL; it can be changed
[root@localhost ~]# vim /etc/squirrelmail/config.php
$squirrelmail_default_language = 'zh_CN';    // switch the language to Chinese
$domain = 'example.com';                     // server domain name
$imapServerAddress = '192.168.10.1';         // IMAP (receiving) server
$imapPort = 143;                             // receiving port
$useSendmail = true;                         // send through the local sendmail binary
$smtpServerAddress = '192.168.10.1';         // SMTP (sending) server
$smtpPort = 25;                              // sending port
$sendmail_path = '/usr/sbin/sendmail';
[root@localhost ~]# service httpd restart