RHCE Course - RH253 Linux Server Setup Notes, Part 8: Postfix Server Configuration

2023-05-18 16:24:51
Tags: linux, Postfix, dovecot, RHCE, mutt
Copyright notice: original work, reproduction prohibited; violators will be held legally liable.

Last time we covered configuring the Sendmail mail server, along with POP3 and IMAP. Today's first task is Postfix.

Install Postfix. The installation media carries two packages, postfix-2.3.3-2.i386.rpm and postfix-pflogsumm-2.3.3-2.i386.rpm:

    rpm -ivh /mnt/cdrom/Server/postfix-2.3.3-2.i386.rpm
    rpm -ivh /mnt/cdrom/Server/postfix-pflogsumm-2.3.3-2.i386.rpm

Once installation is complete, go to the /etc/postfix directory and edit Postfix's main configuration file, main.cf. There are seven main places to change.

The first and second set the host name and the domain name. The first parameter to change is myhostname, which points to the real domain name. The mydomain parameter points to the root domain.
The third sets the domain or host name used on mail sent out from this machine. Both myorigin and mydestination can point to mydomain. If your mail server's IP is the same as the IP that the bare domain resolves to, you can use $mydomain; if it is not, it is better to use $myhostname.
Set the interfaces Postfix listens on; here it listens on all of them. By default Postfix listens only on the local address, so to communicate with the outside world it has to listen on all of the network card's IP addresses.

    inet_interfaces = all
mydestination lists the host names or domain names for which mail is accepted. Only your own host name and domain name may be written here; for example, if you entered 163, then mail you send to 163 would be delivered to yourself.
mynetworks controls which networks' mail may be relayed. Generally, only mail from trusted networks is relayed.

The relay_domains line in the same file reads:

    relay_domains = $mydestination
That is all of the basic settings; save and exit.

Our server is currently running Sendmail, so Sendmail has to be shut down before Postfix can run properly. Be sure to kill the Sendmail processes with the kill command, because the system uses Sendmail to send system status notifications. Then start Postfix.

    service sendmail status
    chkconfig sendmail off
    killall -9 sendmail
    service sendmail status
    chkconfig --level 345 postfix on
    service postfix start

Check whether port 25 is now being listened on by the master process (the netstat output shows it in the LISTEN state).
Now test: send a mail to the user 51cto.

    mail 51cto@michael.com
    Subject: test postfix
    hello, this is postfix test!
    Cc:

Switch to the 51cto user to check receipt. The mail is received successfully.

Start the dovecot service:

    service dovecot start

Next we try with a tool on Windows. First change the DNS server address, then test whether michael can be resolved. Resolution succeeds. Test ports 25 and 110 on the Postfix server: both work normally.

Open Outlook and use it to send a mail to root. The mail body is not displayed, which appears to be a character-encoding problem. The server itself is fine; it simply cannot display that encoding. The server uses UTF-8 while WIN2023 uses GB2312. Between one client and another there is no problem. To read mail on the server you need to change the character set, or you can use the mutt tool we covered earlier. With mutt the mail content displays normally.

Next, Postfix access restrictions and alias configuration.

Open the /etc/postfix/access file. The essence of this file is its EXAMPLE section:

    /etc/postfix/main.cf:
        smtpd_client_restrictions =
            check_client_access hash:/etc/postfix/access

    /etc/postfix/access:
        1.2.3   REJECT
        1.2.3.4 OK

The upper line is the one that has to be added to /etc/postfix/main.cf, as the file itself explains. The lower lines show how a client is described.

    smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

Add this line at the very end of main.cf.

We block 192.168.8.88 from using the Postfix mail service:

    192.168.8.88 REJECT

A moment ago my Outlook could send and receive mail; now let's see whether it still can. After modifying access, the database has to be updated with the following command, and then Postfix restarted:

    postmap /etc/postfix/access
    service postfix restart

It can no longer send.

Now we undo that setting and try again, editing /etc/postfix/access and running postmap /etc/postfix/access once more. The test message arrives:

    From root@masterdns.michael.com Mon May 18 15:53:21 2009
    X-Original-To: stuff@michael.com
    Delivered-To: stuff@michael.com
    Date: Mon, 18 May 2009 15:53:21 +0800
    From: root
    To: stuff@michael.com
    Subject: test aliases stuff ok?

The 51cto account receives mail normally.

View the effective configuration with postconf -n.
Postfix is now basically configured. We still need to restrict how mail may be sent:

For mail from an outside domain to the local domain: it must be accepted, otherwise no mail from outside would ever be received.

For mail from the local domain to an outside domain: it may only be sent from this machine, otherwise anyone could send mail to outside domains by forging a local-domain address.

For mail from an outside domain to an outside domain: reject it outright, otherwise our mail server is an open relay and will be treated as a spam server.

First set the sender rules:

    smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, permit

These rules first check whether the client is a local one (permit_mynetworks matches the connecting client's address against $mynetworks) and permit it if so. They then look the sender up in the sender_access file and reject senders listed there. Finally they permit all other senders.

Then set the recipient rules:

    smtpd_recipient_restrictions = permit_mynetworks, check_recipient_access hash:/etc/postfix/recipient_access, reject

These rules first check whether the client is a local one and permit it if so. They then look the recipient up in the recipient_access file and permit recipients listed there. Finally they reject all other recipients.

Contents of /etc/postfix/sender_access:

    michael REJECT

The purpose is to stop other users from sending mail under a local identity from outside. Logging in to this machine and sending from there is unaffected, because the first rule, permit_mynetworks, allows users logged in on this machine to send mail.

Contents of /etc/postfix/recipient_access:

    michael@michael.com OK
    51cto@michael.com OK

As a result, outside domains can only send to the two e-mail addresses above; any other address is rejected. Mail sent from this machine to this machine is unaffected.

Finally, use postmap to generate the hash-format files:

    # postmap sender_access
    # postmap recipient_access

On the server this was run as:

    vi /etc/postfix/recipient_access
    postmap /etc/postfix/sender_access
    postmap /etc/postfix/recipient_access
    service postfix restart

Sending works normally.
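The three cases described above (outside to local, local to outside, outside to outside) can be checked against the smtpd_sender_restrictions and smtpd_recipient_restrictions lists with a small model. This is an added example, not part of the original notes, and it simplifies Postfix (first-match evaluation only, no subdomain matching). It assumes mynetworks covers only loopback and that the sender_access key is the whole domain michael.com; the client IPs and outside addresses are constructed.

```python
import ipaddress

# Assumptions (not from the page): loopback-only mynetworks, domain-wide sender_access key.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
SENDER_ACCESS = {"michael.com": "REJECT"}
RECIPIENT_ACCESS = {"michael@michael.com": "OK", "51cto@michael.com": "OK"}

SENDER_RESTRICTIONS = ["permit_mynetworks", ("check_access", SENDER_ACCESS), "permit"]
RECIPIENT_RESTRICTIONS = ["permit_mynetworks", ("check_access", RECIPIENT_ACCESS), "reject"]

def lookup(table, address):
    """Simplified access(5) search order: user@domain, then domain, then user@."""
    user, _, domain = address.lower().partition("@")
    for key in (f"{user}@{domain}", domain, f"{user}@"):
        if key in table:
            return table[key]
    return None

def evaluate(restrictions, client_ip, address):
    """Walk one restriction list; the first decisive result ends the list."""
    for rule in restrictions:
        if rule == "permit_mynetworks":
            if any(ipaddress.ip_address(client_ip) in net for net in MYNETWORKS):
                return "permit"
        elif rule in ("permit", "reject"):
            return rule
        else:
            action = lookup(rule[1], address)
            if action is not None:
                return "permit" if action == "OK" else "reject"
    return "permit"  # end of list reached without a decision

def smtp_decision(client_ip, mail_from, rcpt_to):
    """A reject in either list rejects the RCPT TO; a permit only ends its own list."""
    if evaluate(SENDER_RESTRICTIONS, client_ip, mail_from) == "reject":
        return "reject"
    return evaluate(RECIPIENT_RESTRICTIONS, client_ip, rcpt_to)

# Constructed sample sessions: (client IP, MAIL FROM, RCPT TO)
CASES = {
    "outside -> local": ("203.0.113.5", "alice@example.org", "michael@michael.com"),
    "forged local sender": ("203.0.113.5", "bob@michael.com", "carol@example.net"),
    "outside -> outside": ("203.0.113.5", "alice@example.org", "carol@example.net"),
    "local host -> outside": ("127.0.0.1", "michael@michael.com", "carol@example.net"),
}

if __name__ == "__main__":
    for name, session in CASES.items():
        print(f"{name:22} {smtp_decision(*session)}")
```

The "outside -> outside" row is the open-relay test: it is rejected only because the recipient list ends in reject.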