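Unit 4: Configuring Email Transport
I. Basic Email Delivery
1. Email delivery
1) A server submits email over SMTP to TCP port 25, or a local client submits it through the /usr/bin/sendmail program. If this MTA is the final destination, the message is handed to the MDA. Otherwise, the next MTA is looked up in DNS using MX records and the message is relayed to it over SMTP.
2) MDA: "Mail Delivery Agent". The MDA delivers mail to the recipient's local mail store (by default /var/spool/mail/user). Postfix provides its own MDA, /usr/libexec/postfix/local, for delivery to the default local file-based mail store.
3) Relaying: a mail server (MTA) forwards a submitted message to another server for delivery.
4) Queuing: a failed delivery or relay attempt is queued, and the MTA retries it on a schedule it defines. (By default, Postfix does this once an hour.)
5) Rejection: the mail server refuses the message during initial submission.
6) Bounce: after a remote server has accepted the message for delivery, it returns the message to the originating mail server and/or user.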
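a. Postfix is provided by the postfix RPM package and controlled through the postfix service script. It is a modular program made up of several cooperating programs, and its components are controlled by the master process.
b. The main Postfix configuration file is /etc/postfix/main.cf, which can be edited with a text editor or with the postconf command. postconf can also display all current and default Postfix settings, or individual settings one at a time.
c. By default, Postfix listens only for incoming email from the local host. To reconfigure Postfix to accept mail for local delivery from remote hosts, set inet_interfaces = all in /etc/postfix/main.cf.
d. When troubleshooting email, /var/log/maillog keeps a log of all mail-related operations, including information about unsuccessful and successful events. The mailq command (or postqueue -p) lists all queued outgoing mail. To retry delivery of all queued mail immediately, run postfix flush (or postqueue -f); otherwise Postfix retries roughly once an hour until the message is accepted or expires.
2. Important Postfix configuration directives: all of the following directives are found in /etc/postfix/main.cf.
1) myorigin
Rewrites locally posted email so that it appears to come from this domain. This helps ensure that replies return to the inbound mail server.
Default: myorigin = $myhostname
2) inet_interfaces
Controls the network interfaces on which Postfix listens for incoming email. If set to loopback-only, it listens only on 127.0.0.1 and ::1; if set to all, it listens on all network interfaces. Specific addresses can also be given.
Default: inet_interfaces = localhost
3) mydestination
Email addressed to these domains is handed to the MDA for local delivery.
Default: mydestination = $myhostname, localhost.$mydomain, localhost
4) mynetworks
A comma-separated list of IP addresses and networks (in CIDR notation). These addresses and networks may relay through this MTA to any destination without further authentication.
Default: mynetworks = 127.0.0.0/8
5) relayhost
The relay host through which all outbound mail is forwarded. It is usually given in square brackets to suppress the MX record lookup.
Default: relayhost =
6) local_transport
How mail addressed to $mydestination is delivered. By default it is set to local:$myhostname (the local MDA delivers incoming email to the local mail store under /var/spool/mail).
Default: local_transport = local:$myhostname
7) postconf -d displays the default values.
8) postconf -n displays the settings that differ from the defaults.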
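How far the relay permission in mynetworks reaches depends on where Postfix listens, so inet_interfaces, mynetworks and relayhost are best checked together. The shell function below is an added example, not part of the original course notes: it reads postconf -n style text and reports the relay exposure. The name audit_relay, the finding labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify relay exposure from "postconf -n" style text on stdin.
# On a real host:  postconf -n | audit_relay
# Output: one finding per line, "LEVEL: message".

audit_relay() {
    awk '
    /^[ \t]*#/ || !/=/ { next }          # skip comments and lines without a setting
    {
        eq = index($0, "=")
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        conf[name] = value
    }
    END {
        iface = ("inet_interfaces" in conf) ? conf["inet_interfaces"] : ""
        if (iface == "") {
            print "INFO: inet_interfaces not in input; run postconf inet_interfaces"
        } else if (iface == "localhost" || iface == "loopback-only") {
            print "OK: SMTP listener is loopback only (" iface ")"
        } else {
            print "NOTE: SMTP listener reachable from the network (" iface ")"
            remote = 1
        }
        if (!("mynetworks" in conf)) {
            # Without an explicit list, Postfix derives it from mynetworks_style.
            if (remote)
                print "WARN: mynetworks not set explicitly; trusted relay clients come from mynetworks_style"
        } else {
            n = split(conf["mynetworks"], net, /[ ,\t]+/)
            for (i = 1; i <= n; i++) {
                if (net[i] == "") continue
                if (net[i] == "0.0.0.0/0" || net[i] == "[::]/0")
                    print "CRITICAL: " net[i] " in mynetworks lets any client relay"
                else if (net[i] !~ /^127\./ && net[i] !~ /^\[::1\]/)
                    print "WARN: clients in " net[i] " may relay without authentication"
            }
        }
        if (("relayhost" in conf) && conf["relayhost"] != "" && conf["relayhost"] !~ /^\[/)
            print "NOTE: relayhost " conf["relayhost"] " has no brackets, so its MX record is looked up"
    }'
}

# Constructed sample: the lab settings used in the examples of this unit
# (inet_interfaces opened up, mynetworks left untouched).
LAB_CONF='inet_interfaces = all
mydestination = $myhostname, $mydomain, localhost
myhostname = mail-qq.qq.com
mydomain = qq.com
myorigin = $mydomain'

# Constructed sample: a misconfiguration that trusts every address.
OPEN_CONF='inet_interfaces = all
mynetworks = 127.0.0.0/8, 0.0.0.0/0
relayhost = smtp.example.com'

printf '%s\n' "$LAB_CONF"  | audit_relay
printf '%s\n' "$OPEN_CONF" | audit_relay
```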
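II. Null Mail Client
In practice, most organizations no longer use a single mail server to handle all inbound and outbound email. Instead, for security reasons, mail servers are set up for specific roles so that each can be better suited to the application it serves. Standard roles include:
1. Null client: a client machine running a local MTA that forwards all email to a mail server for delivery. A null client does not accept any email for local delivery.
2. Inbound-only mail server: a mail server that handles all incoming email for the site's users and passes it to the MDA for delivery to the users' mail stores. In practice, an anti-spam server or appliance is usually placed in front of the inbound-only mail server to filter spam and forward only legitimate mail to it.
3. Outbound mail relay: the outbound mail relay (or "smarthost") accepts all outbound mail and forwards it to its destination using MX records and the SMTP protocol.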
III. Examples
1. Configure the base environment
#mail-qq side
[root@mail-qq ~]# yum install bind -y
[root@mail-qq ~]# vim /etc/named.conf # allow all hosts to connect
#// listen-on port 53 { 127.0.0.1; };
#// listen-on-v6 port 53 { ::1; };
# directory "/var/named";
# dump-file "/var/named/data/cache_dump.db";
# statistics-file "/var/named/data/named_stats.txt";
# memstatistics-file "/var/named/data/named_mem_stats.txt";
#// allow-query { localhost; };
# dnssec-enable yes;
# dnssec-validation no;
# dnssec-lookaside auto;
[root@mail-qq ~]# vim /etc/named.rfc1912.zones # forward lookup zones
#zone "qq.com" IN {
# type master;
# file "qq.com.zone";
# allow-update { none; };
#};
#zone "westos.com" IN {
# type master;
# file "westos.com.zone";
# allow-update { none; };
#};
[root@mail-qq named]# cd /var/named/
[root@mail-qq named]# ls
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@mail-qq named]# cp -p named.localhost qq.com.zone
[root@mail-qq named]# vim qq.com.zone
[root@mail-qq named]# cat qq.com.zone
$TTL 1D
@ IN SOA dns.qq.com. root.qq.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.qq.com.
dns A 172.25.254.142
qq.com. MX 1 172.25.254.142.
[root@mail-qq named]# cp -p qq.com.zone westos.com.zone
[root@mail-qq named]# vim westos.com.zone
[root@mail-qq named]# cat westos.com.zone
$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.westos.com.
dns A 172.25.254.142
westos.com. MX 1 172.25.254.242.
[root@mail-qq named]# systemctl start named
[root@mail-qq named]# systemctl stop firewalld.service
[root@mail-qq named]# systemctl disable firewalld.service
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@mail-qq named]# vim /etc/resolv.conf
[root@mail-qq named]# cat /etc/resolv.conf
# Generated by NetworkManager
search qq.com
nameserver 172.25.254.142
[root@mail-qq named]# dig -t mx qq.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8303
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qq.com. IN MX
;; ANSWER SECTION:
qq.com. 86400 IN MX 1 172.25.254.142.
;; AUTHORITY SECTION:
qq.com. 86400 IN NS dns.qq.com.
;; ADDITIONAL SECTION:
dns.qq.com. 86400 IN A 172.25.254.142
;; Query time: 0 msec
;; SERVER: 172.25.254.142#53(172.25.254.142)
;; WHEN: Thu Apr 20 21:59:10 EDT 2017
;; MSG SIZE rcvd: 99
[root@mail-qq named]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57470
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.242.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.142
;; Query time: 0 msec
;; SERVER: 172.25.254.142#53(172.25.254.142)
;; WHEN: Thu Apr 20 21:59:16 EDT 2017
;; MSG SIZE rcvd: 103
#mail-westos side
[root@mail-westos ~]# systemctl stop firewalld.service
[root@mail-westos ~]# systemctl disable firewalld.service
rm '/etc/systemd/system/basic.target.wants/firewalld.service'
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
[root@mail-westos ~]# vim /etc/resolv.conf
[root@mail-westos ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search westos.com
nameserver 172.25.254.142
[root@mail-westos ~]# dig -t mx qq.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46511
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;qq.com. IN MX
;; ANSWER SECTION:
qq.com. 86400 IN MX 1 172.25.254.142.
;; AUTHORITY SECTION:
qq.com. 86400 IN NS dns.qq.com.
;; ADDITIONAL SECTION:
dns.qq.com. 86400 IN A 172.25.254.142
;; Query time: 1 msec
;; SERVER: 172.25.254.142#53(172.25.254.142)
;; WHEN: Thu Apr 20 21:57:54 EDT 2017
;; MSG SIZE rcvd: 99
[root@mail-westos ~]# dig -t mx westos.com
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21706
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;westos.com. IN MX
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.242.
;; AUTHORITY SECTION:
westos.com. 86400 IN NS dns.westos.com.
;; ADDITIONAL SECTION:
dns.westos.com. 86400 IN A 172.25.254.142
;; Query time: 0 msec
;; SERVER: 172.25.254.142#53(172.25.254.142)
;; WHEN: Thu Apr 20 21:58:01 EDT 2017
;; MSG SIZE rcvd: 103
[root@mail-westos ~]#
2. Sending and receiving mail
#mail-qq side
[root@mail-qq named]# >/var/log/maillog
[root@mail-qq named]# mail root@westos.com
Subject: aa
aa
.
EOT
[root@mail-qq named]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
DDCC017E876 416 Thu Apr 20 22:30:02 root@mail-qq.qq.com
(connect to 172.25.254.242[172.25.254.242]:25: Connection refused)
root@westos.com
-- 0 Kbytes in 1 Request.
[root@mail-qq named]# cat /var/log/maillog
Apr 20 22:30:02 mail-qq postfix/pickup[1380]: DDCC017E876: uid=0 from=<root>
Apr 20 22:30:02 mail-qq postfix/cleanup[30746]: DDCC017E876: message-id=<20170421023002.DDCC017E876@mail-qq.qq.com>
Apr 20 22:30:02 mail-qq postfix/qmgr[1381]: DDCC017E876: from=<root@mail-qq.qq.com>, size=416, nrcpt=1 (queue active)
Apr 20 22:30:02 mail-qq postfix/smtp[30748]: warning: numeric domain name in resource data of MX record for westos.com: 172.25.254.242
Apr 20 22:30:02 mail-qq postfix/smtp[30748]: connect to 172.25.254.242[172.25.254.242]:25: Connection refused
Apr 20 22:30:03 mail-qq postfix/smtp[30748]: DDCC017E876: to=<root@westos.com>, relay=none, delay=0.15, delays=0.13/0.02/0/0, dsn=4.4.1, status=deferred (connect to 172.25.254.242[172.25.254.242]:25: Connection refused)
[root@mail-qq named]# netstat -antlpe | grep master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 24066 1379/master
tcp6 0 0 ::1:25 :::* LISTEN 0 24067 1379/master
[root@mail-qq named]# vim /etc/postfix/main.cf
#116 inet_interfaces = all
[root@mail-qq named]# systemctl restart postfix.service
[root@mail-qq named]# netstat -antlpe | grep master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 108540 30966/master
tcp6 0 0 :::25 :::* LISTEN 0 108541 30966/master
[root@mail-qq named]# postqueue -f
[root@mail-qq named]# mailq
Mail queue is empty
[root@mail-qq named]# >/var/log/maillog
[root@mail-qq named]# vim /etc/postfix/main.cf
#164 mydestination = $myhostname, $mydomain, localhost
# 76 myhostname = mail-qq.qq.com
# 83 mydomain = qq.com
# 99 myorigin = $mydomain
[root@mail-qq named]# systemctl restart postfix.service
[root@mail-qq named]# mail root@westos.com
Subject: 233
233
.
EOT
[root@mail-qq named]# mailq
Mail queue is empty
[root@mail-qq named]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 2 messages 1 new
1 user@localhost.local Thu Apr 20 21:30 518/36184 "[abrt] full crash report"
>N 2 root Thu Apr 20 22:46 21/700 "33"
& 2
Message 2:
From root@westos.com Thu Apr 20 22:46:44 2017
Return-Path: <root@westos.com>
X-Original-To: root@qq.com
Delivered-To: root@qq.com
Date: Thu, 20 Apr 2017 22:46:44 -0400
To: root@qq.com
Subject: 33
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@westos.com (root)
Status: R
33
& q
Held 2 messages in /var/spool/mail/root
You have mail in /var/spool/mail/root
#mail-westos side
[root@mail-westos ~]# >/var/log/maillog
[root@mail-westos ~]# netstat -antlpe | grep master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 24357 1374/master
tcp6 0 0 ::1:25 :::* LISTEN 0 24358 1374/master
[root@mail-westos ~]# vim /etc/postfix/main.cf
#116 inet_interfaces = all
[root@mail-westos ~]# systemctl restart postfix.service
[root@mail-westos ~]# netstat -antlpe | grep master
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 108525 30540/master
tcp6 0 0 :::25 :::* LISTEN 0 108526 30540/master
[root@mail-westos ~]# mailq
Mail queue is empty
[root@mail-westos ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 user@localhost.local Thu Apr 20 21:40 515/36032 "[abrt] full crash report"
& q
Held 1 message in /var/spool/mail/root
[root@mail-westos ~]# >/var/log/maillog
[root@mail-westos ~]# vim /etc/postfix/main.cf
#164 mydestination = $myhostname, $mydomain, localhost
# 76 myhostname = mail-westos.westos.com
# 83 mydomain = westos.com
# 99 myorigin = $mydomain
[root@mail-westos ~]# systemctl restart postfix.service
[root@mail-westos ~]# mailq
Mail queue is empty
[root@mail-westos ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 2 messages 1 new 2 unread
U 1 user@localhost.local Thu Apr 20 21:40 516/36042 "[abrt] full crash report"
>N 2 root Thu Apr 20 22:44 21/704 "233"
& 2
Message 2:
From root@qq.com Thu Apr 20 22:44:34 2017
Return-Path: <root@qq.com>
X-Original-To: root@westos.com
Delivered-To: root@westos.com
Date: Thu, 20 Apr 2017 22:44:33 -0400
To: root@westos.com
Subject: 233
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@qq.com (root)
Status: R
233
& q
Held 2 messages in /var/spool/mail/root
[root@mail-westos ~]# mail root@qq.com
Subject: 33
33
.
EOT
[root@mail-westos ~]# mailq
Mail queue is empty
[root@mail-westos ~]#
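The deferred delivery that mail-qq logged earlier in this step (dsn=4.4.1, Connection refused) is the kind of entry to pull out of /var/log/maillog when the queue does not drain. The function below is an added example, not part of the original notes: summarize_undelivered is a hypothetical helper name, the deferred sample lines are copied from the log above, and the sent and bounced lines are constructed.

```shell
#!/bin/sh
# Added example: list deliveries Postfix could not complete, from maillog text on stdin.
# Output columns: queue-id|recipient|dsn|status|class|reason
# class is "temporary" for 4.x.x (message stays queued and is retried)
# and "permanent" for 5.x.x (message is bounced to the sender).

summarize_undelivered() {
    awk '
    # Return the text between the first "start" marker and the next "stop".
    function field(line, start, stop,    s, rest, e) {
        s = index(line, start)
        if (!s) return ""
        rest = substr(line, s + length(start))
        e = index(rest, stop)
        return e ? substr(rest, 1, e - 1) : rest
    }
    / postfix\/[a-z]+\[[0-9]+\]: [0-9A-F]+: to=</ && /status=(deferred|bounced)/ {
        qid = $6; sub(/:$/, "", qid)             # syslog field 6 is "QUEUEID:"
        dsn = field($0, "dsn=", ",")
        cls = "other"
        if (dsn ~ /^4\./) cls = "temporary"
        if (dsn ~ /^5\./) cls = "permanent"
        reason = $0
        sub(/^.*status=[a-z]+ \(/, "", reason)   # keep only the text in parentheses
        sub(/\)$/, "", reason)
        print qid "|" field($0, "to=<", ">") "|" dsn "|" field($0, "status=", " ") "|" cls "|" reason
    }'
}

# Lines 1-2 are from the maillog shown on this page; lines 3-4 are constructed.
SAMPLE_LOG='Apr 20 22:30:02 mail-qq postfix/smtp[30748]: connect to 172.25.254.242[172.25.254.242]:25: Connection refused
Apr 20 22:30:03 mail-qq postfix/smtp[30748]: DDCC017E876: to=<root@westos.com>, relay=none, delay=0.15, delays=0.13/0.02/0/0, dsn=4.4.1, status=deferred (connect to 172.25.254.242[172.25.254.242]:25: Connection refused)
Apr 20 22:44:34 mail-qq postfix/smtp[31002]: 1A2B3C4D5E6: to=<root@westos.com>, relay=172.25.254.242[172.25.254.242]:25, delay=0.2, delays=0.1/0/0.05/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7F8E9D0C1B2)
Apr 20 22:50:10 mail-qq postfix/smtp[31040]: 2B3C4D5E6F7: to=<nobody@westos.com>, relay=172.25.254.242[172.25.254.242]:25, delay=0.3, delays=0.1/0/0.1/0.1, dsn=5.1.1, status=bounced (host 172.25.254.242[172.25.254.242] said: 550 5.1.1 <nobody@westos.com>: Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command))'

printf '%s\n' "$SAMPLE_LOG" | summarize_undelivered
```

On a live server the same function reads the real log: summarize_undelivered < /var/log/maillog.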
3. Sending mail remotely
[kiosk@foundation42 yum.repos.d]$ telnet 172.25.254.142 25
Trying 172.25.254.142...
Connected to 172.25.254.142.
Escape character is '^]'.
220 mail-qq.qq.com ESMTP Postfix
mail from:root@qq.com
250 2.1.0 Ok
rcpt to:root@westos.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
aaaaaaaa
aaaaaaaaaaaaa
.
250 2.0.0 Ok: queued as 2069117E876
quit
221 2.0.0 Bye
Connection closed by foreign host.
[kiosk@foundation42 yum.repos.d]$
[root@mail-westos ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 1 new 2 unread
U 1 user@localhost.local Thu Apr 20 21:40 516/36042 "[abrt] full crash report"
2 root Thu Apr 20 22:44 22/715 "233"
>N 3 root@qq.com Thu Apr 20 23:04 14/496
& 3
Message 3:
From root@qq.com Thu Apr 20 23:04:18 2017
Return-Path: <root@qq.com>
X-Original-To: root@westos.com
Delivered-To: root@westos.com
Status: R
aaaaaaaa
aaaaaaaaaaaaa
& q
Held 3 messages in /var/spool/mail/root
You have mail in /var/spool/mail/root
[root@mail-westos ~]#
4. Receiving mail remotely
###### Server with DNS configured ######
[root@mail-qq named]# mail student@westos.com # send mail to user student@westos.com
Subject: 2333
2333
.
EOT
[root@mail-qq named]# mailq # the mail has been sent
Mail queue is empty
[root@mail-qq named]# mail
No mail for root
[root@mail-qq named]#
###### Client host running dovecot ######
[root@mail-westos ~]# mail
No mail for root
[root@mail-westos ~]# mail -u student
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/student": 1 message 1 new
>N 1 root Thu Apr 20 23:23 21/718 "2333"
& 1
Message 1:
From root@qq.com Thu Apr 20 23:23:45 2017
Return-Path: <root@qq.com>
X-Original-To: student@westos.com
Delivered-To: student@westos.com
Date: Thu, 20 Apr 2017 23:23:44 -0400
To: student@westos.com
Subject: 2333
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@qq.com (root)
Status: R
2333
& q
Held 1 message in /var/mail/student
[root@mail-westos ~]# yum install dovecot -y # install dovecot, used for receiving mail: 993 = imaps, 995 = pop3s, 110 = pop3, 143 = imap
[root@mail-westos ~]# systemctl restart dovecot
[root@mail-westos ~]# netstat -antlpe | grep dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 132321 31303/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 132297 31303/dovecot
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 132295 31303/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 132319 31303/dovecot
tcp6 0 0 :::993 :::* LISTEN 0 132322 31303/dovecot
tcp6 0 0 :::995 :::* LISTEN 0 132298 31303/dovecot
tcp6 0 0 :::110 :::* LISTEN 0 132296 31303/dovecot
tcp6 0 0 :::143 :::* LISTEN 0 132320 31303/dovecot
[root@mail-westos ~]# >/var/log/maillog
[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242
[root@mail-westos ~]# cat /var/log/maillog
Apr 20 23:28:33 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31358, TLS, session=<KXkj2qRNEgCsGf4q>
Apr 20 23:28:33 mail-westos dovecot: pop3(student): Error: user student: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/student
Apr 20 23:28:33 mail-westos dovecot: pop3(student): Error: Invalid user settings. Refer to server log for more information.
Apr 20 23:28:39 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<Xb1/2qRNEwCsGf4q>
[root@mail-westos ~]# vim /etc/dovecot/dovecot.conf
# 24 protocols = imap pop3 lmtp
# 49 disable_plaintext_auth = no
[root@mail-westos ~]# vim /etc/dovecot/conf.d/10-mail.conf
# 30 mail_location = mbox:~/mail:INBOX=/var/mail/%u
[root@mail-westos ~]# systemctl restart dovecot.service
[root@mail-westos ~]# >/var/log/maillog
[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242
[root@mail-westos ~]# cat /var/log/maillog
Apr 20 23:31:47 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31489, TLS, session=<VzG15aRNFACsGf4q>
Apr 20 23:31:47 mail-westos dovecot: pop3(student): Error: chown(/home/student/mail/.imap, group=12(mail)) failed: Operation not permitted (egid=1000(student), group based on /var/mail/student - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
Apr 20 23:31:47 mail-westos dovecot: pop3(student): Error: Couldn't open INBOX: Permission denied
Apr 20 23:31:47 mail-westos dovecot: pop3(student): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0
Apr 20 23:31:53 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<D50R5qRNFQCsGf4q>
[root@mail-westos ~]# su - student
[student@mail-westos ~]$ mkdir /home/student/mail/.imap
[student@mail-westos ~]$ exit
logout
[root@mail-westos ~]# >/var/log/maillog
[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242
[root@mail-westos ~]# cat /var/log/maillog
Apr 20 23:33:07 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31541, TLS, session=<OwF/6qRNGACsGf4q>
Apr 20 23:33:07 mail-westos dovecot: pop3(student): Error: chown(/home/student/mail/.imap/INBOX, group=12(mail)) failed: Operation not permitted (egid=1000(student), group based on /var/mail/student - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
Apr 20 23:33:07 mail-westos dovecot: pop3(student): Error: Couldn't open INBOX: Permission denied
Apr 20 23:33:07 mail-westos dovecot: pop3(student): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0
Apr 20 23:33:13 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<E2Xb6qRNGQCsGf4q>
[root@mail-westos ~]# su - student
Last login: Thu Apr 20 23:32:12 EDT 2017 on pts/0
[student@mail-westos ~]$ touch /home/student/mail/.imap/INBOX
[student@mail-westos ~]$ exit
logout
[root@mail-westos ~]#
[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242
1 kept, 0 deleted.
5. Sending and receiving mail from a remote graphical client
###### Physical host: install the thunderbird mail client ######
[root@foundation42 ~]# rpm -ivh /home/kiosk/Desktop/thunderbird-31.2.0-1.el7.x86_64.rpm
warning: /home/kiosk/Desktop/thunderbird-31.2.0-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:thunderbird-31.2.0-1.el7 ################################# [100%]
[root@foundation42 ~]# thunderbird
###### Client host running dovecot ######
[root@mail-westos ~]# vim /etc/dovecot/dovecot.conf
# 48 login_trusted_networks = 0.0.0.0/0 # trust login connections from all hosts
[root@mail-westos ~]# systemctl restart dovecot.service
###### Server with DNS configured ######
[root@mail-qq named]# vim /etc/named.rfc1912.zones # DNS forward lookup zones
# 37 zone "eastos.com" IN {
# 38 type master;
# 39 file "eastos.com.zone";
# 40 allow-update { none; };
# 41 };
[root@mail-qq named]# ls
data dynamic named.ca named.empty named.localhost named.loopback qq.com.zone slaves westos.com.zone
[root@mail-qq named]# cp -p westos.com.zone eastos.com.zone
[root@mail-qq named]# vim eastos.com.zone
[root@mail-qq named]# cat eastos.com.zone
$TTL 1D
@ IN SOA dns.eastos.com. root.eastos.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS dns.eastos.com.
dns A 172.25.254.142
eastos.com. MX 1 172.25.254.116.
[root@mail-qq named]# systemctl restart named
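Both Dovecot changes made in steps 4 and 5, disable_plaintext_auth = no and login_trusted_networks = 0.0.0.0/0, allow PLAIN logins over connections that are not encrypted; Dovecot ignores disable_plaintext_auth for any address inside login_trusted_networks. The functions below are an added example, not part of the original notes, that find such logins in /var/log/maillog. The names plaintext_logins and cleartext_sources are hypothetical; the first two sample lines come from the log in step 4 and the last two are constructed.

```shell
#!/bin/sh
# Added example: find Dovecot logins whose password crossed the network unencrypted.
# Output of plaintext_logins:
#   CLEARTEXT|proto|user|client-ip   accepted PLAIN/LOGIN auth without TLS
#   REFUSED|proto|client-ip          client tried cleartext auth and was turned away

plaintext_logins() {
    awk '
    / dovecot: (pop3|imap)-login: / {
        proto = ($0 ~ /pop3-login/) ? "pop3" : "imap"
        user = ""; rip = ""; method = ""; protected = 0
        # Dovecot separates the login attributes with ", ".
        n = split($0, part, /, /)
        for (i = 1; i <= n; i++) {
            if (part[i] ~ /user=</) {
                user = part[i]; sub(/^.*user=</, "", user); sub(/>$/, "", user)
            } else if (part[i] ~ /^method=/) {
                method = substr(part[i], 8)
            } else if (part[i] ~ /^rip=/) {
                rip = substr(part[i], 5)
            } else if (part[i] == "TLS" || part[i] == "secured") {
                protected = 1      # TLS session, or a local connection Dovecot marks secured
            }
        }
        if ($0 ~ /tried to use disallowed plaintext auth/) {
            print "REFUSED|" proto "|" rip
        } else if ($0 ~ /-login: Login: / && (method == "PLAIN" || method == "LOGIN") && !protected) {
            print "CLEARTEXT|" proto "|" user "|" rip
        }
    }'
}

# Count accepted cleartext logins per client address, busiest first.
cleartext_sources() {
    plaintext_logins |
        awk -F'|' '$1 == "CLEARTEXT" { c[$4]++ } END { for (r in c) print c[r] " " r }' |
        sort -rn
}

# Lines 1-2 are from the maillog in step 4; lines 3-4 are constructed.
DOVECOT_LOG='Apr 20 23:28:33 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31358, TLS, session=<KXkj2qRNEgCsGf4q>
Apr 20 23:28:39 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<Xb1/2qRNEwCsGf4q>
Apr 20 23:40:02 mail-westos dovecot: imap-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31600, session=<CONSTRUCTED0001>
Apr 20 23:41:15 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=31610, secured, session=<CONSTRUCTED0002>'

printf '%s\n' "$DOVECOT_LOG" | plaintext_logins
printf '%s\n' "$DOVECOT_LOG" | cleartext_sources
```

REFUSED entries identify the clients that would need TLS configured before disable_plaintext_auth is turned back on.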
6. Virtual accounts backed by a database
###### Create the email database and the emailuser virtual-user table ######
[root@mail-qq named]# yum install mariadb-server -y # install MySQL (MariaDB)
[root@mail-qq named]# vim /etc/my.cnf
# 10 skip-networking=1 # skip the network port; not exposed externally
[root@mail-qq named]# systemctl restart mariadb
[root@mail-qq named]# mysql_secure_installation # run the MySQL secure-installation script
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@mail-qq named]# yum install httpd php php-mysql -y # install httpd, php, php-mysql
[root@mail-qq html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/docs/software/
lftp 172.25.254.250:/pub/docs/software> ls
-rwxr-xr-x 1 1000 1000 3086326 Dec 25 2013 phpMyAdmin-2.11.3-all-languages.tar.bz2
-rwxr-xr-x 1 1000 1000 4548030 Dec 25 2013 phpMyAdmin-3.4.0-all-languages.tar.bz2
-rw-rw-r-- 1 1000 1000 2713600 Jun 07 2015 taobao.tar
-rwxr-xr-x 1 1000 1000 52387876 Feb 01 2015 thunderbird-31.2.0-1.el7.x86_64.rpm
-rwxr-xr-x 1 1000 1000 36902724 Feb 01 2015 thunderbird-31.4.0.tar.bz2
lftp 172.25.254.250:/pub/docs/software> get phpMyAdmin-3.4.0-all-languages.tar.bz2
4548030 bytes transferred
lftp 172.25.254.250:/pub/docs/software> quit
[root@mail-qq html]# ls
phpMyAdmin-3.4.0-all-languages.tar.bz2
[root@mail-qq html]# tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2
[root@mail-qq html]# ls
phpMyAdmin-3.4.0-all-languages phpMyAdmin-3.4.0-all-languages.tar.bz2
[root@mail-qq html]# rm -fr phpMyAdmin-3.4.0-all-languages.tar.bz2
[root@mail-qq html]# ls
phpMyAdmin-3.4.0-all-languages
[root@mail-qq html]# mv phpMyAdmin-3.4.0-all-languages/ mysqladmin
[root@mail-qq html]# ls
mysqladmin
[root@mail-qq html]# cd mysqladmin/
[root@mail-qq mysqladmin]# cp config.sample.inc.php config.inc.php
[root@mail-qq mysqladmin]# vim config.inc.php
# 17 $cfg['blowfish_secret'] = 'westos';
[root@mail-qq mysqladmin]# systemctl restart httpd
[root@mail-qq mysqladmin]# firefox
###### Grant privileges to the postfix user ######
[root@mail-qq mysqladmin]# mysql -uroot -pwestos
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 5.5.35-MariaDB MariaDB Server
Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER postfix@localhost identified by "postfix";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT INSERT,SELECT,UPDATE ON email.* to postfix@localhost;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
[root@mail-qq mysqladmin]# firefox
###### Create the vmail user, the identity used for the virtual users ######
[root@mail-qq mysqladmin]# cd
[root@mail-qq ~]# groupadd -g 888 vmail
[root@mail-qq ~]# useradd -g 888 -u 888 vmail
[root@mail-qq ~]# cd /home/vmail/
###### Create the Postfix files mailuser.cf, maildomain.cf and mailbox.cf, which look up the virtual user name, the domain and the maildir directory ######
[root@mail-qq vmail]# cd /etc/postfix/
[root@mail-qq postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[root@mail-qq postfix]# vim mailuser.cf
[root@mail-qq postfix]# cat mailuser.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = emailuser
select_field = username
where_field = username
[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailuser.cf
lee@westos.com
[root@mail-qq postfix]# postmap -q "loo@westos.com" mysql:/etc/postfix/mailuser.cf
[root@mail-qq postfix]# cp mailuser.cf maildomain.cf
[root@mail-qq postfix]# cp mailuser.cf mailbox.cf
[root@mail-qq postfix]# vim maildomain.cf
[root@mail-qq postfix]# cat maildomain.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = emailuser
select_field = domain # the existing column name in the data table
where_field = domain # the domain to look up
[root@mail-qq postfix]# postmap -q "westos.com" mysql:/etc/postfix/maildomain.cf
westos.com
[root@mail-qq postfix]# postmap -q "qq.com" mysql:/etc/postfix/maildomain.cf
[root@mail-qq postfix]# vim mailbox.cf
[root@mail-qq postfix]# cat mailbox.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = emailuser
select_field = maildir
where_field = username
[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailbox.cf
/var/spool/westos.com/lee/
[root@mail-qq postfix]# postmap -q "loo@westos.com" mysql:/etc/postfix/mailbox.cf
[root@mail-qq postfix]#
###### Send mail using the virtual users ######
[root@mail-qq postfix]# postconf -d | grep virtual
address_verify_virtual_transport = $virtual_transport
propagate_unmatched_extensions = canonical, virtual
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_delivery_slot_cost = $default_delivery_slot_cost
virtual_delivery_slot_discount = $default_delivery_slot_discount
virtual_delivery_slot_loan = $default_delivery_slot_loan
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_extra_recipient_limit = $default_extra_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_delivery_slots = $default_minimum_delivery_slots
virtual_minimum_uid = 100
virtual_recipient_limit = $default_recipient_limit
virtual_recipient_refill_delay = $default_recipient_refill_delay
virtual_recipient_refill_limit = $default_recipient_refill_limit
virtual_transport = virtual
virtual_uid_maps =
[root@mail-qq postfix]# postconf -e "virtual_mailbox_base = /home/vmail"
[root@mail-qq postfix]# postconf -e "virtual_uid_maps = static:888"
[root@mail-qq postfix]# postconf -e "virtual_gid_maps = static:888"
[root@mail-qq postfix]# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf"
[root@mail-qq postfix]# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf"
[root@mail-qq postfix]# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf"
[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailuser.cf
lee@westos.com
[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailbox.cf
/var/spool/westos.com/lee/
[root@mail-qq postfix]# postmap -q "westos.com" mysql:/etc/postfix/maildomain.cf
westos.com
[root@mail-qq postfix]# cd /home/vmail/
[root@mail-qq vmail]# ls
[root@mail-qq vmail]# mail lee@westos.com
Subject: 233333
23333333333333333333333
.
EOT
[root@mail-qq vmail]# ls
westos.com
[root@mail-qq vmail]# cd westos.com/
[root@mail-qq westos.com]# ls
lee
[root@mail-qq westos.com]# cd lee/
[root@mail-qq lee]# ls
cur new tmp
[root@mail-qq new]# cat Cmysql:/etc/postfix/maildomain.cf
cat: Cmysql:/etc/postfix/maildomain.cf: No such file or directory
[root@mail-qq new]# cd ..
[root@mail-qq lee]# cat new/1492763498.Vfd01I134975bM202916.mail-qq.qq.com
Return-Path: <root@qq.com>
X-Original-To: lee@westos.com
Delivered-To: lee@westos.com
Received: by mail-qq.qq.com (Postfix, from userid 0)
id 13A1B26D8BE; Fri, 21 Apr 2017 04:31:37 -0400 (EDT)
Date: Fri, 21 Apr 2017 04:31:37 -0400
To: lee@westos.com
Subject: 233333
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170421083138.13A1B26D8BE@mail-qq.qq.com>
From: root@qq.com (root)
23333333333333333333333
[root@mail-qq lee]# cd ..
[root@mail-qq westos.com]# cd ..
[root@mail-qq vmail]# ls
westos.com
[root@mail-qq vmail]# mail loo@163.com
Subject: 199999
1999999
.
EOT
[root@mail-qq vmail]# ls
163.com westos.com
[root@mail-qq vmail]# cd 163.com/
[root@mail-qq 163.com]# ls
loo
[root@mail-qq 163.com]# cd loo/
[root@mail-qq loo]# ls
cur new tmp
[root@mail-qq loo]# cat new/1492763826.Vfd01I300e415M855100.mail-qq.qq.com
Return-Path: <root@qq.com>
X-Original-To: loo@163.com
Delivered-To: loo@163.com
Received: by mail-qq.qq.com (Postfix, from userid 0)
id BD6F63259; Fri, 21 Apr 2017 04:37:06 -0400 (EDT)
Date: Fri, 21 Apr 2017 04:37:06 -0400
To: loo@163.com
Subject: 199999
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170421083706.BD6F63259@mail-qq.qq.com>
From: root@qq.com (root)
1999999
[root@mail-qq loo]#