電子郵件系統概述

收發信服務(Postfix+Dovecot)

SMTP認證控制

#########################################################

一：準備搭建環境

郵件服務器：mail.tarena.com? 192.168.4.2

郵件域：@tarena.com

郵件帳號：服務器的系統用戶

發信服務軟件：postfix

收信服務軟件：dovecot

提供DNS域名解析：

[root@redhat6 ~]# yum? -y?install? bind? bind-chroot

.. ..

[root@redhat6 ~]# mv? /etc/named.conf? /etc/named.conf.origin

[root@redhat6 ~]# vim? /var/named/chroot/etc/named.conf

.. ..

[root@redhat6 ~]# vim? /var/named/chroot/var/named/tarena.com.zone

.. ..

@???????????? IN????? MX?????5???? ??mail.tarena.com.

mail????????? IN????? A????????????????? 192.168.4.2

.. ..

[root@redhat6 ~]# service named restart

[root@redhat6 ~]# chkconfig? named?on

[root@redhat6 named]# host? -t?MX? tarena.com ????? //客戶端檢查MX記錄

tarena.com mail is handled by 5 mail.tarena.com.

二：構建 postfix 發信服務器 【SMTP協議，TCP 25端口】

1. 安裝 postfix 軟件包

[root@redhat6 ~]# yum? -y?install? postfix

[root@redhat6 ~]# chkconfig? postfix?on

2. 簡化、調整主配置文件，啟動 postfix 服務

[root@redhat6 ~]# cd /etc/postfix/

[root@redhat6 postfix]# postconf? -n?>? tmp.txt

[root@redhat6 postfix]# mv? main.cf?main.cf.origin

[root@redhat6 postfix]# mv? tmp.txt?main.cf

[root@redhat6 ~]# vim? /etc/postfix/main.cf

.. ..

#inet_interfaces = localhost? ?????? ?????? ?????? ?????? //注釋掉此行

myhostname = mail.tarena.com

mydomain = tarena.com ???? ?????? ?????? ?????? ?????? //郵件域

myorigin = $mydomain? ???? ?????? ?????? ?????? ?????? //顯示的發件域

mydestination = $mydomain, $myhostname? ???? ?????? //本地投遞域

home_mailbox = Maildir/? ? ?????? ?????? ?????? //郵箱類型

.. ..

[root@redhat6 ~]# service? postfix?restart

[root@redhat6 ~]# chkconfig? postfix?on

[root@redhat6 ~]# netstat? -antp | grep :25

tcp????0?? 0? 0.0.0.0:25????? 0.0.0.0:*????? LISTEN????? 5927/master

3. 添加電子郵箱賬號

[root@redhat6 ~]# useradd? nick

[root@redhat6 ~]# echo? root?|? passwd? --stdin?nick

[root@redhat6 ~]# useradd? hunter

[root@redhat6 ~]# echo? root?|? passwd? --stdin?hunter

4. 使用 telnet 測試發信(nick給hunter)

[root@redhat6 ~]# yum -y install telnet

[root@svr6 ~]# telnet mail.tarena.com 25 ? ?????? //連接郵件服務器的25端口

Trying 192.168.4.5...

Connected to mail.tarena.com (192.168.4.5).

Escape character is '^]'.

220 mail.tarena.com.com ESMTP Postfix

HELO localhost? ?????? ?????? ?????? ?????? //宣告客戶端的主機地址

250 mail.tarena.com.com

MAIL FROM:nick@tarena.com ? ?????? ?????? ?????? //指定發件人地址

250 2.1.0 Ok

RCPT TO:hunter@tarena.com ?? ?????? ?????? ?????? //指定收件人地址

250 2.1.5 Ok

DATA? ?????? ?????? ?????? ?????? ?????? ?????? //表示要開始寫郵件內容了

354 End data with.

Subject:Test mail 1.? ??? ?????? ?????? ?????? ?????? //指定郵件標題

No.1 mail document.. ..? ??????? ?????? ?????? //輸入文本郵件內容

. ?????? ?????? ?????? ?????? //獨立的 . 表示輸入完畢

250 2.0.0 Ok: queued as D4B5131D8B2

quit ?????? ?????? ?????? ?????? ?????? ?????? ?????? //斷開telnet連接

221 2.0.0 Bye

Connection closed by foreign host.

[root@svr6 ~]#

5. 檢查郵件投遞結果

[root@redhat6 ~]# ls? ~hunter/Maildir/new/ ?? ?????? //新郵件列表

1379059530.V802I3ec129M716267.redhat6.tarena.com

[root@redhat6 ~]# cat~hunter/Maildir/new/1379059530.*

.. ..

Subject:Test mail 1.

No.1 mail document.. ..

Message-Id:<20130913080450.1514631DA0B@mail.benet.com>

Date: Fri, 13 Sep 2013 16:04:40 +0800 (CST)

From: nick@tarena.com

三：構建 dovecot 收信服務器 【POP3/IMAP4協議，TCP 110/143端口】

1. 安裝 dovecot 軟件包

[root@redhat6 ~]# yum? -y?install?? dovecot

[root@redhat6 ~]# chkconfig? dovecot?on

2. 調整 dovecot 服務配置、啟動服務

[root@redhat6 ~]# vim? /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = no? ?????? ?????? ?????? //允許明文認證通信

.. ..

[root@redhat6 ~]# vim? /etc/dovecot/conf.d/10-mail.conf

mail_location = maildir:~/Maildir?? ?? ?????? //明確指定郵箱類型及路徑

[root@redhat6 ~]# service? dovecot?restart

[root@redhat6 ~]# netstat? -anpt | grep?dovecot

tcp???????0????? 0 :::110???????? :::*???????? LISTEN????? 12694/dovecot

tcp???????0????? 0 :::143???????? :::*???????? LISTEN????? 12694/dovecot

3. 使用 telnet 測試收信(hunter)

[root@svr6 ~]# telnet mail.tarena.com 110??????? //連接郵件服務器的110端口

Trying 192.168.4.5...

Connected to mail.tarena.com (192.168.4.5).

Escape character is '^]'.

+OK Dovecot ready.

USER hunter????? ?????? ?????? ?????? ?????? ?????? //以用戶hunter登錄

+OK

PASS 1234567? ?????? ?????? ?????? ?????? ?????? //密碼為1234567

+OK Logged in.

LIST?? ?????? ?????? ?????? ?????? ?????? ?????? //查看郵件列表

+OK 6 messages:

1 451

.

RETR 1????? ?????? ?????? ?????? ?????? ?????? //獲取編號為1的郵件

+OK 451 octets

Return-Path:

X-Original-To: hunter@tarena.com

Delivered-To: hunter@tarena.com

Received: from localhost (svr6.tarena.com[192.168.4.6])

by mail.tarena.com.com (Postfix) with SMTP id D4B5131D8B2

for ; Tue, 22 Oct 2013 14:58:46 +0800 (CST)

Subject:Test mail 1.

No.1 mail document.. ..

.

QUIT ??? ?????? ?????? ?????? ?????? ?????? ?????? //斷開telnet連接

+OK Logging out.

Connection closed by foreign host.

[root@svr6 ~]#

四：實現 SMTP 發信認證

1. 啟動 saslauthd 認證服務

[root@redhat6 ~]# yum? -y?install? cyrus-sasl?? ?????? //此包默認通常已安裝

[root@redhat6 ~]# service? saslauthd?start

[root@redhat6 ~]# chkconfig? saslauthd?on

[root@redhat6 ~]# testsaslauthd? -u hunter?-p 1234567? -s? smtp

0: OK "Success."?? ???? ?????? ?????? ?????? ?????? //檢查saslauthd服務

2. 調整 postfix 配置，啟用SMTP認證

[root@redhat6 ~]# vim? /etc/postfix/main.cf

.. ..

mynetworks = 127.0.0.1? ??? ?????? ?????? ?????? //設置本地網絡

smtpd_sasl_auth_enable = yes? ?? ?????? ?????? ?????? //啟用SASL認證

smtpd_sasl_security_options =noanonymous? ?? ?????? //阻止匿名發信

smtpd_recipient_restrictions =? ?? ?????? ?????? //設置收件人過濾

permit_mynetworks,?permit_sasl_authenticated,

reject_unauth_destination? ????? ?????? ?????? ?????? //拒絕向未授權的目標域發信

[root@redhat6 ~]# service postfix restart

3. 測試 SMTP 發信認證

1)以用戶nick為例，未經過認證登錄時，向外域發郵件會被拒絕

[root@svr6 ~]# telnet mail.tarena.com 25

Trying 192.168.4.5...

Connected to mail.tarena.com (192.168.4.5).

Escape character is '^]'.

220 mail.tarena.com ESMTP Postfix

HELO localhost??? ?????? ?????? ?????? //宣告本機地址

250 mail.tarena.com

MAIL FROM:nick@tarena.com???? ?????? ?????? //指定發件人地址

250 2.1.0 Ok

RCPT TO:TsengYia@126.com? ?????? ?????? ?????? //指定收件人地址

454 4.7.1 : Relayaccess denied

//發送外域的發信請求被拒絕

quit????? ?????? ?????? ?????? ?????? ?????? ?????? //斷開telnet連接

221 2.0.0 Bye

Connection closed by foreign host.

[root@svr6 ~]#

2)為用戶nick為例，生成用戶名、密碼的加密字串

[root@redhat6 ~]# printf? "nick" | openssl? base64

bmljaw==

[root@redhat6 ~]# printf? "1234567" | openssl? base64

MTIzNDU2Nw==

3)認證登錄通過以后，才允許向外域發郵件

[root@svr6 ~]# telnet mail.tarena.com 25

Trying 192.168.4.5...

Connected to mail.tarena.com (192.168.4.5).

Escape character is '^]'.

220 mail.tarena.com ESMTP Postfix

EHLO localhost????? ?????? ?????? ?????? ?????? //加密宣告本機地址

250-mail.tarena.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN

AUTH LOGIN??? ?????? ?????? ?????? ?????? ?????? //聲明要執行認證登錄

334 VXNlcm5hbWU6

bmljaw==???? ?????? ?????? ?????? ?????? ?????? //輸入用戶名nick的BASE64編碼

334 UGFzc3dvcmQ6

MTIzNDU2Nw==?????? ?????? ?????? ?????? ?????? ?????? //輸入密碼1234567的BASE64編碼

235 2.7.0 Authentication successful

MAIL FROM:nick@tarena.com? ?????? ?????? ?????? //指定發件人地址

250 2.1.0 Ok

RCPT TO:TsengYia@126.com??? ?????? ?????? ?????? //指定收件人地址

250 2.1.5 Ok

DATA ??? ?????? ?????? ?????? ?????? ?????? ?????? //開始編寫郵件內容

354 End data with.

Subject:SMTP Auth Test ????? ?????? ?????? ?????? ?????? //指定郵件標題

Hello, here is a test mail. ??????? ?????? ?????? //輸入文本郵件內容

.???? ?????? ?????? ?????? //獨立的 . 表示輸入完畢

250 2.0.0 Ok: queued as 8C48431D8B2

quit????? ?????? ?????? ?????? ?????? ?????? ?????? //斷開telnet連接

221 2.0.0 Bye

Connection closed by foreign host.

[root@svr6 ~]#

#########################################################

五：SMTP認證與郵件過濾

1.根據客戶端地址進行過濾

清楚main.cf的認證設置

[root@redhat6 ~]# service postfix restart

創建acs策略文件

[root@redhat6 ~]# vim /etc/postfix/acs

192.168.4.1 REJECT

192.168.4.3 OK

建立acs.db訪問策略庫

[root@redhat6 ~]# postmap /etc/postfix/acs

修改postfix配置文件，啟用訪問限制

[root@redhat6 ~]# vim /etc/postfix/main.cf

添加

mptd_client_restrictions=check_client_accesshash:/etc/postfix/acs

[root@redhat6 ~]# service postfix restart

驗證(192.168.4.1)

首先查看服務器帳號hunter原有的郵件

[root@redhat6 ~]# ls /home/hunter/Maildir/new/

1409086385.V802I48453M880983.redhat6.tarena.com

1409086620.V802I48454M575804.redhat6.tarena.com

然后用192.168.4.1給hunter發郵件

[root@kvmsvr 桌面]# telnet mail.tarena.com 25

Trying 192.168.4.2...

Connected to mail.tarena.com.

Escape character is '^]'.

220 mail.tarena.com ESMTP Postfix

helo localhost

250 mail.tarena.com

mail from:nick@tarena.com

250 2.1.0 Ok

rcpt to:hunter@tarena.com

250 2.1.5 Ok

data

354 End data with.

Subject:fsfsfsjljljfsl.

fsjljlsfdjlfjlsjflsjfls...

.

250 2.0.0 Ok: queued as A8F3A83DA4

quit

221 2.0.0 Bye

Connection closed by foreign host.

驗證hunter賬戶是否收到郵件

[root@redhat6 ~]# ls/home/hunter/Maildir/new/

結果顯示沒有收到郵件，拒絕了192.168.4.1這個地址發的郵件

2.根據發件人地址進行過濾

首先驗證再沒有限制的時候hunter能夠接收nick的發信

[root@redhat6 ~]# ls/home/hunter/Maildir/new/

1409086385.V802I48453M880983.redhat6.tarena.com

1409086620.V802I48454M575804.redhat6.tarena.com

[root@redhat6 ~]# telnet mail.tarena.com 25

Trying 192.168.4.2...

Connected to mail.tarena.com.

Escape character is '^]'.

220 mail.tarena.com ESMTP Postfix

helo localhost

250 mail.tarena.com

mail from:nick@tarena.com

250 2.1.0 Ok

rcpt to:hunter@tarena.com

250 2.1.5 Ok

data

354 End data with.

Subjece:woshifengzhankui

lalallalalalalalal....

.

250 2.0.0 Ok: queued as 135CA80D30

quit

221 2.0.0 Bye

Connection closed by foreign host.

[root@redhat6 ~]# ls/home/hunter/Maildir/new/

1409086385.V802I48453M880983.redhat6.tarena.com

1409086620.V802I48454M575804.redhat6.tarena.com

1409127143.V802I48458M766240.redhat6.tarena.com

可見正常情況下hunter能夠接收nick的信件

創建策略文件

[root@redhat6 ~]# vim/etc/postfix/sender_access

nick@tarena.com???????? REJECT

生成發送策略庫

[root@redhat6 ~]# postmap/etc/postfix/sender_access

[root@redhat6 ~]# vim /etc/postfix/main.cf

添加

smtpd_sender_restrictions=check_sender_accesshash:/etc/postfix/sender_access

[root@redhat6 ~]# service postfix restart

驗證

[root@redhat6 ~]# telnet mail.tarena.com 25

Trying 192.168.4.2...

Connected to mail.tarena.com.

Escape character is '^]'.

220 mail.tarena.com ESMTP Postfix

helo localhost

250 mail.tarena.com

mail from:nick@tarena.com

250 2.1.0 Ok

rcpt to:hunter@tarena.com

554 5.7.1 : Senderaddress rejected: Access denied

由此可此發現nick@tarena.com地址已經被拒絕

總結

以上是生活随笔為你收集整理的电子邮箱里面的服务器,搭建电子邮件服务器的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。