rhel5之postfix邮件服务器基本应用配置

时间:2021-06-10 17:50:52
这里只讲postfix的配置,dovecot的配置请参见我的另一篇日志: rhel5之sendmail、dovecot配置 一、安装: [root@server2 ~]# yum -y install postfix wireshark 停止、禁止sendmail服务: [root@server2 ~]# service sendmail stop [root@server2 ~]# chkconfig sendmail off 指定postfix作为你的MTA: [root@server2 ~]# alternatives --config mta There are 2 programs which provide 'mta'.   Selection    Command
-----------------------------------------------
*+ 1           /usr/sbin/sendmail.sendmail
   2           /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2 启动postfix服务: [root@server2 ~]# service postfix start [root@server2 ~]# chkconfig  postfix on 二、配置: postfix的配置文件是main.cf,位于/etc/postfix目录下: [root@server2 postfix]# ls
access             canonical  header_checks  main.cf          makedefs.out  postfix-files   post-install  TLS_LICENSE  virtual
bounce.cf.default  generic    LICENSE        main.cf.default  master.cf     postfix-script  relocated     transport
编辑main.cf文件: [root@server2 postfix]# vi main.cf 找到以下行,大概位于69行: #myhostname = host.domain.tld,修改为你自己的主机名,我这里是: myhostname = rhel5.com.cn 在第78行: #mydomain = domain.tld修改为: mydomain = rhel5.com.cn 修改第112行: 将#inet_interfaces = localhost行改为你的IP地址,我的如下: inet_interfaces = 192.168.1.12, 127.0.0.1 修改第157行: mydestination = $myhostname, localhost.$mydomain, localhost改为如下: mydestination =$myhostname, localhost.$mydomain, localhost, mail.$mydomain 去掉第94,95行的注释符号: myorigin = $myhostname myorigin = $mydomain 三、测试: 在windows上telnet server2的25端口: rhel5之postfix邮件服务器基本应用配置 成功! 使用outlook express测试收发信件! rhel5之postfix邮件服务器基本应用配置 查看maillog日志文件: Apr  7 19:50:33 server2 postfix/smtpd[29921]: connect from xzxj[192.168.1.156]
Apr  7 19:53:09 server2 postfix/smtpd[29927]: connect from xzxj[192.168.1.156]
Apr  7 19:53:09 server2 postfix/smtpd[29927]: AC51F4FA23: client=xzxj[192.168.1.156]
Apr  7 19:53:09 server2 postfix/cleanup[29929]: AC51F4FA23: message-id=<E4BBD8CF849B480BAE4B236BC3AC483B@xzxj>
Apr  7 19:53:09 server2 postfix/smtpd[29927]: disconnect from xzxj[192.168.1.156]
Apr  7 19:53:09 server2 postfix/qmgr[29899]: AC51F4FA23: from=<student1@rhel5.com.cn>, size=1493, nrcpt=1 (queue active)
Apr  7 19:53:09 server2 postfix/local[29930]: AC51F4FA23: to=<student2@rhel5.com.cn>, relay=local, delay=0.12, delays=0.08/0.03/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Apr  7 19:53:09 server2 postfix/qmgr[29899]: AC51F4FA23: removed
收信: rhel5之postfix邮件服务器基本应用配置 rhel5之postfix邮件服务器基本应用配置 ok,postfix的基本配置已完成了。 四、开启 postfix的SASL and PAM认证: 编辑/etc/postfix/main.cf文件,加入以下行: smtpd_sasl_auth_enable = yes                         //启用sasl验证
smtpd_sasl_security_options = noanonymous    //设定验证机制,拒绝匿名用户
broken_sasl_auth_clients = yes                         //
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination
启动saslauthd进程:
[root@server2 postfix]# service saslauthd start
[root@server2 postfix]# chkconfig saslauthd on [root@server2 postfix]# chkconfig --list saslauthd
saslauthd       0:off   1:off   2:on    3:on    4:on    5:on    6:off
接着是设置PAM认证: 编辑 /etc/sysconfig/saslauthd文件,设置如下: MECH=pam 重启postfix服务程序: [root@server2 postfix]#service postfix restart Shutting down postfix: [  OK  ]
Starting postfix: [  OK  ]
五、让postfix支持ssl加密认证: 1)、创建smtpd.pem文件: [root@server2 ~]#cd /etc/postfix [root@server2 postfix]#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650或者: [root@server2 postfix]#make �CC /etc/pki/tls/certs smtpd.pem [root@server2 postfix]# ll
total 336
-rw-r--r-- 1 root root 17832 Aug 11  2008 access
-rw-r--r-- 1 root root  3550 Aug 11  2008 bounce.cf.default
-rw-r--r-- 1 root root 11175 Aug 11  2008 canonical
-rw-r--r-- 1 root root  9920 Aug 11  2008 generic
-rw-r--r-- 1 root root 16838 Aug 11  2008 header_checks
-rw-r--r-- 1 root root 11942 Aug 11  2008 LICENSE
-rw-r--r-- 1 root root 27493 Apr  7 21:31 main.cf
-rw-r--r-- 1 root root 17981 Aug 11  2008 main.cf.default
-rw-r--r-- 1 root root   958 Aug 11  2008 makedefs.out
-rw-r--r-- 1 root root  4134 Apr  7 21:23 master.cf
-rw-r--r-- 1 root root 17639 Aug 11  2008 postfix-files
-rwxr-xr-x 1 root root  6366 Aug 11  2008 postfix-script
-rwxr-xr-x 1 root root 22564 Aug 11  2008 post-install
-rw------- 1 root root  1024 Apr  7 21:37 prng_exch
-rw-r--r-- 1 root root  6805 Aug 11  2008 relocated
-rw-r--r-- 1 root root  2168 Apr  7 21:19 smtpd.pem
-rw-r--r-- 1 root root  1629 Aug 11  2008 TLS_LICENSE
-rw-r--r-- 1 root root 12081 Aug 11  2008 transport
-rw-r--r-- 1 root root 11984 Aug 11  2008 virtual
2)、编辑/etc/postfix/main.cf文件,加入以下内容: smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
保存退出! 3)、编辑/etc/postfix/master.cf文件,确认以下内容没有被注释掉: smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
这里对应的端口是465端口,如果还存在以下内容的话,则系统会同时打开25端口的: smtp      inet  n       -       n       -       -       smtpd 注释掉此行的话,系统只打开465端口! 4)、重启postfix服务: [root@server2 postfix]# service postfix restart
Shutting down postfix: [  OK  ]
Starting postfix: [  OK  ]
5)、检查下相应的端口是否打开: [root@server2 postfix]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name  
tcp        0      0 127.0.0.1:2208              0.0.0.0:*                   LISTEN      3045/hpiod         
tcp        0      0 192.168.1.12:993            0.0.0.0:*                   LISTEN      3119/dovecot       
tcp        0      0 192.168.1.12:995            0.0.0.0:*                   LISTEN      3119/dovecot       
tcp        0      0 192.168.1.12:110            0.0.0.0:*                   LISTEN      3119/dovecot       
tcp        0      0 192.168.1.12:143            0.0.0.0:*                   LISTEN      3119/dovecot       
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2737/portmap       
tcp        0      0 192.168.1.12:465            0.0.0.0:*                   LISTEN      13056/master       
tcp        0      0 127.0.0.1:465               0.0.0.0:*                   LISTEN      13056/master
       
tcp        0      0 192.168.1.12:53             0.0.0.0:*                   LISTEN      2707/named         
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      3086/cupsd         
tcp        0      0 192.168.1.12:25             0.0.0.0:*                   LISTEN      13056/master       
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      13056/master
       
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2707/named         
tcp        0      0 127.0.0.1:2207              0.0.0.0:*                   LISTEN      3050/python        
tcp        0      0 :::22                       :::*                        LISTEN      3070/sshd          
tcp        0      0 ::1:953                     :::*                        LISTEN      2707/named         
udp        0      0 192.168.1.12:53             0.0.0.0:*                               2707/named         
udp        0      0 0.0.0.0:69                  0.0.0.0:*                               3103/xinetd        
udp        0      0 0.0.0.0:35146               0.0.0.0:*                               2707/named         
udp        0      0 0.0.0.0:5353                0.0.0.0:*                               3329/avahi-daemon: 
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2737/portmap       
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               3086/cupsd         
udp        0      0 0.0.0.0:50298               0.0.0.0:*                               3329/avahi-daemon: 
udp        0      0 :::39057                    :::*                                    3329/avahi-daemon: 
udp        0      0 :::58033                    :::*                                    2707/named         
udp        0      0 :::5353                     :::*                                    3329/avahi-daemon: 
6)、测试基于ssl的收发信件: rhel5之postfix邮件服务器基本应用配置 里面有一行250-STARTTLS内容,则说明,基于ssl的postfix已被正确配置了。 在windows上测试: 发信rhel5之postfix邮件服务器基本应用配置 收信rhel5之postfix邮件服务器基本应用配置 日志信息: Apr  7 21:43:51 server2 postfix/postfix-script: starting the Postfix mail system
Apr  7 21:43:51 server2 postfix/master[12944]: daemon started -- version 2.3.3, configuration /etc/postfix
Apr  7 21:44:24 server2 postfix/smtpd[12949]: connect from xzxj[192.168.1.156]
Apr  7 21:44:55 server2 postfix/smtpd[12949]: lost connection after EHLO from xzxj[192.168.1.156]
Apr  7 21:44:55 server2 postfix/smtpd[12949]: disconnect from xzxj[192.168.1.156]
Apr  7 21:45:09 server2 postfix/smtpd[12949]: connect from xzxj[192.168.1.156]
Apr  7 21:47:14 server2 postfix/smtpd[12957]: connect from xzxj[192.168.1.156]
Apr  7 21:47:14 server2 postfix/smtpd[12957]: setting up TLS connection from xzxj[192.168.1.156]
Apr  7 21:47:14 server2 postfix/smtpd[12957]: TLS connection established from xzxj[192.168.1.156]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr  7 21:47:14 server2 postfix/smtpd[12957]: 63D114FA2C: client=xzxj[192.168.1.156], sasl_method=LOGIN, sasl_username=student1
Apr  7 21:47:14 server2 postfix/cleanup[12961]: 63D114FA2C: message-id=<0C6E6AB0E4F2487F9D30F7E7A725A873@xzxj>
Apr  7 21:47:14 server2 postfix/smtpd[12957]: disconnect from xzxj[192.168.1.156]
Apr  7 21:47:14 server2 postfix/qmgr[12946]: 63D114FA2C: from=<student1@rhel5.com.cn>, size=1571, nrcpt=1 (queue active)
Apr  7 21:47:14 server2 postfix/local[12962]: 63D114FA2C: to=<student2@rhel5.com.cn>, relay=local, delay=0.07, delays=0.06/0.01/0/0, dsn=2.0.0, status=sent (delivered to mailbox)
Apr  7 21:47:14 server2 postfix/qmgr[12946]: 63D114FA2C: removed
向126发送一份信试试能不能成功。 rhel5之postfix邮件服务器基本应用配置 日志信息: Apr  7 21:50:55 server2 postfix/smtpd[12977]: connect from xzxj[192.168.1.156]
Apr  7 21:50:55 server2 postfix/smtpd[12977]: setting up TLS connection from xzxj[192.168.1.156]
Apr  7 21:50:55 server2 postfix/smtpd[12977]: TLS connection established from xzxj[192.168.1.156]: TLSv1 with cipher RC4-MD5 (128/128 bits)
Apr  7 21:50:55 server2 postfix/smtpd[12977]: 187494FA30: client=xzxj[192.168.1.156], sasl_method=LOGIN, sasl_username=student1
Apr  7 21:50:55 server2 postfix/cleanup[12981]: 187494FA30: message-id=<3F7D65A39E134785BD3CBDFDDBCC424B@xzxj>
Apr  7 21:50:55 server2 postfix/smtpd[12977]: disconnect from xzxj[192.168.1.156]
Apr  7 21:50:55 server2 postfix/qmgr[12946]: 187494FA30: from=<student1@rhel5.com.cn>, size=2405, nrcpt=1 (queue active)
Apr  7 21:51:13 server2 postfix/smtp[12982]: 187494FA30: to=<candon123@126.com>, relay=126.mxmail.netease.com[220.181.15.200]:25, delay=19, delays=0.02/0/15/4.2, dsn=2.0.0, status=sent (250 Mail OK queued as mx20,yMmowLDbVQGDWttJUJISPg--.3192S2 1239112329)
Apr  7 21:51:13 server2 postfix/qmgr[12946]: 187494FA30: removed
rhel5之postfix邮件服务器基本应用配置 rhel5之postfix邮件服务器基本应用配置

本文出自 “candon123” 博客,转载请与作者联系!