smtp
### SMTP
### Lab environment
desktop: 172.25.254.118
  hostname: maillinux.linux.com
  dns-server: 172.25.254.218
server: 172.25.254.218
  hostname: mailwestos.westos.com
  dns-server: 172.25.254.218
### Software installation
[[email protected] ~]# yum install bind -y
### DNS configuration
Server side:
[[email protected] ~]# vim /etc/resolv.conf
2 domain westos.com
3 search westos.com linux.com
4 nameserver 172.25.254.218
[[email protected] ~]# vim /etc/named.conf
11 // listen-on port 53 { 127.0.0.1; }; \
12 // listen-on-v6 port 53 { ::1; }; |--> comment out these three lines
17 // allow-query { localhost; }; /
32 dnssec-validation no; ## disable DNSSEC validation
[[email protected] ~]# vim /etc/named.rfc1912.zones
25 zone "linux.com" IN {
26 type master;
27 file "linux.com.zone";
28 allow-update { none; };
29 };
30
31 zone "westos.com" IN {
32 type master;
33 file "westos.com.zone";
34 allow-update { none; };
35 };
[[email protected] ~]# cd /var/named/
[[email protected] named]# cp -p named.localhost westos.com.zone
[[email protected] named]# cp -p named.localhost linux.com.zone
[[email protected] named]# vim westos.com.zone
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.218
10 westos.com. MX 1 172.25.254.218.
[[email protected] named]# vim linux.com.zone
1 $TTL 1D
2 @ IN SOA dns.linux.com. root.linux.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.linux.com.
9 dns A 172.25.254.218
10 linux.com. MX 1 172.25.254.118.
## Note: the two MX records map two different domains to two different host IPs. The lab works in this form, but RFC 5321 requires an MX target to be a hostname that has an A record (here dns.westos.com. / dns.linux.com.), not an IP literal, and other MTAs may refuse the IP-literal form.
[[email protected] named]# systemctl start named ## start the service
[[email protected] named]# firewall-cmd --permanent --add-service=dns ## allow the DNS service through the firewall
success
[[email protected] named]# firewall-cmd --reload ## reload the firewall for the rule to take effect
success
Desktop side:
[[email protected] ~]# vim /etc/resolv.conf
domain linux.com
search linux.com westos.com
nameserver 172.25.254.218
Test:
Server side:
[[email protected] named]# dig -t MX westos.com
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.218.
[[email protected] named]# dig -t MX linux.com
;; ANSWER SECTION:
linux.com. 86400 IN MX 1 172.25.254.118.
Desktop side:
[[email protected] ~]# dig -t MX westos.com
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.218.
[[email protected] ~]# dig -t MX linux.com
;; ANSWER SECTION:
linux.com. 86400 IN MX 1 172.25.254.118.
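The MX lines above point at IP addresses, while RFC 5321 requires an MX target to be a hostname. The following zone-file check is an added example and not part of the original post: the zone text is a constructed copy of the page's westos.com zone, and the `parse_zone` / `check_mx` function names are mine.

```python
import re
# Constructed sample: the page's westos.com zone, MX target written as an IP literal.
ZONE_WESTOS = """$TTL 1D
@ IN SOA dns.westos.com. root.westos.com. (
        0       ; serial
        1D      ; refresh
        1H      ; retry
        1W      ; expire
        3H )    ; minimum
        NS      dns.westos.com.
dns     A       172.25.254.218
westos.com.     MX 1    172.25.254.218.
"""
IPV4_LITERAL = re.compile(r"^\d{1,3}(\.\d{1,3}){3}\.?$")

def absolute(name, origin):
    """Fully qualify a zone-file name (the result carries no trailing dot)."""
    return origin if name == "@" else name[:-1] if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata-fields) tuples; the multi-line SOA is skipped."""
    records, owner, in_soa = [], origin, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if in_soa:                                  # still inside the SOA parentheses
            in_soa = ")" not in line
            continue
        if not line.strip() or line.startswith("$"):
            continue                                # blank, comment-only or $TTL/$ORIGIN
        fields = line.split()
        if not raw[0].isspace():                    # explicit owner, else inherit the last one
            owner = absolute(fields.pop(0), origin)
        if fields and fields[0] in ("IN", "CH"):
            fields.pop(0)
        rtype = fields.pop(0)
        if rtype == "SOA":
            in_soa = "(" in line and ")" not in line
            continue
        records.append((owner, rtype, fields))
    return records

def check_mx(text, origin):
    """List MX problems: IP-literal targets (RFC 5321 requires a hostname) and
    targets that have no A record in the zone."""
    records = parse_zone(text, origin)
    a_names = {o for o, t, _ in records if t == "A"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype == "MX" and IPV4_LITERAL.match(rdata[-1]):
            problems.append(f"{owner} MX {rdata[-1]}: target is an IP literal, not a hostname")
        elif rtype == "MX" and absolute(rdata[-1], origin) not in a_names:
            problems.append(f"{owner} MX {rdata[-1]}: no A record for the target in this zone")
    return problems
```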
### Basic SMTP service configuration
Server side:
[[email protected] named]# netstat -antple | grep 25 ## check whether the SMTP port (25) is listening
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 51218 3223/named
tcp 0 0 172.25.254.219:53 0.0.0.0:* LISTEN 25 51215 3223/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 51213 3223/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 20925 1262/sshd
tcp 0 0 172.25.254.219:22 172.25.254.19:55336 ESTABLISHED 0 25114 1588/sshd: [email protected]
tcp6 0 0 ::1:953 :::* LISTEN 25 51219 3223/named
tcp6 0 0 :::25 :::* LISTEN 0 21229 1386/master
tcp6 0 0 :::111 :::* LISTEN 0 20425 1276/rpcbind
## The check shows the SMTP service port is not yet open for connections
[[email protected] named]# vim /etc/postfix/main.cf ## edit the main Postfix configuration file
75 myhostname = mailwestos.westos.com ## the server's own hostname
83 mydomain = westos.com ## the server's own domain
99 myorigin = $mydomain ## domain appended to locally posted mail (= own domain)
113 inet_interfaces = all ## listen on port 25 on all addresses
116 #inet_interfaces = localhost ## comment this line out (a later line overrides line 113)
164 mydestination = $myhostname, $mydomain, localhost ## accept for local delivery only mail addressed to (own hostname | own domain | localhost)
[[email protected] named]# systemctl restart postfix.service ## restart for the change to take effect
Test:
Server side:
[[email protected] named]# mail [email protected] ## the server sends mail to itself
Subject: 123
ewqe
dawd
dawd
.
EOT
[[email protected] named]# mail ## read the mailbox
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 unread
>U 1 root Tue Nov 29 10:11 21/576 "123"
&
## Sent successfully. (Here host 219 sends mail to itself; SMTP is not configured on host 119 yet, so 219 cannot send mail to 119.)
Or:
[[email protected] ~]# mail -u root ## read the mail delivered to root
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/root": 1 message 1 unread
>U 1 root Tue Nov 29 10:11 21/576
&
==================Note=======================
The test above is the server sending mail to itself, which needs no firewall change.
For server and desktop to send mail to each other, the firewall on both sides is stopped in this lab; otherwise delivery fails. (Permitting the SMTP service instead, with firewall-cmd --permanent --add-service=smtp followed by firewall-cmd --reload as was done for DNS above, opens port 25 without turning the firewall off.)
============================================
Supplement:
1. When a mail cannot be delivered, it is kept in the queue.
[[email protected] named]# mail [email protected] ## send to linux.com, where SMTP is not configured yet
Subject: tbr
qeqwdwwa
dawda
dawdaw
.
EOT
[[email protected] named]# mailq ## list the mail waiting to be sent, with details
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D2ABE24620B 447 Tue Nov 29 10:21:22 [email protected]
(connect to 172.25.254.119[172.25.254.119]:25: No route to host)
[email protected]
-- 0 Kbytes in 1 Request.
[[email protected] named]# postqueue -p ## show the queue contents (same as mailq)
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1830C246219 443 Fri Dec 2 02:25:05 [email protected]
(Host or domain name not found. Name service error for name=linux.com type=MX: Host not found, try again)
[email protected]
-- 0 Kbytes in 1 Request.
[[email protected] named]# postqueue -f ## flush the queue: attempt delivery of all queued mail again
[[email protected] named]# postsuper -d D2ABE24620B ## delete one failed mail; D2ABE24620B is its queue ID
postsuper: D2ABE24620B: removed
postsuper: Deleted: 1 message
[[email protected] named]# postsuper -dALL ## delete every mail in the queue
[[email protected] named]# postconf -d ## show the built-in default values
[[email protected] named]# postconf -n ## show only the parameters set explicitly in main.cf
[[email protected] named]# postconf -e "inet_interfaces = localhost" ## write a parameter into main.cf (the parameter is inet_interfaces; note this sets it back to localhost, and postconf -d below shows defaults, not this value)
[[email protected] named]# postconf -d | grep inet
inet_interfaces = all
inet_protocols = all
local_header_rewrite_clients = permit_inet_interfaces
[[email protected] named]# vim /etc/postfix/main.cf
[[email protected] named]# ll /usr/sbin/sendmail ## the sendmail command is a symlink to the Postfix implementation via the alternatives system
lrwxrwxrwx. 1 root root 21 5月 6 2014 /usr/sbin/sendmail -> /etc/alternatives/mta
[[email protected] named]# ll /etc/alternatives/mta
lrwxrwxrwx. 1 root root 26 5月 6 2014 /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
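When the queue grows, the first question is why messages are deferred. The parser below is an added example, not part of the original post: it turns mailq / postqueue -p output like the listings above into records and counts deferrals per reason. The sample output is constructed (queue IDs and addresses are made up), and the `parse_mailq` / `deferrals_by_reason` names are mine.

```python
import re
from dataclasses import dataclass, field
# Constructed sample of mailq / postqueue -p output, modelled on the listings
# on this page (queue IDs and addresses are made up for the example).
MAILQ_SAMPLE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D2ABE24620B      447 Tue Nov 29 10:21:22  root@westos.com
(connect to 172.25.254.119[172.25.254.119]:25: No route to host)
                                         root@linux.com
1830C246219      443 Fri Dec  2 02:25:05  root@westos.com
(Host or domain name not found. Name service error for name=linux.com type=MX: Host not found, try again)
                                         student@linux.com
                                         admin@linux.com
4541524620D!     512 Fri Dec  2 03:10:00  postmaster@westos.com
                                         root@linux.com

-- 1 Kbytes in 3 Requests.
"""
# First line of an entry: queue ID, state flag (* active, ! hold, none deferred), size, arrival, sender
ENTRY_LINE = re.compile(r"^(?P<qid>[0-9A-Za-z]+)(?P<flag>[*!]?)\s+(?P<size>\d+)\s+"
                        r"(?P<arrival>\w{3} \w{3}\s+\d+ \d\d:\d\d:\d\d)\s+(?P<sender>\S+)$")

@dataclass
class QueueEntry:
    queue_id: str
    state: str                    # deferred, active or hold
    size: int
    arrival: str
    sender: str
    reason: str = ""              # why the last delivery attempt failed
    recipients: list = field(default_factory=list)

def parse_mailq(text):
    """Turn mailq output into QueueEntry records."""
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("-"):
            continue              # column header and the "-- N Kbytes" summary
        m = ENTRY_LINE.match(line)
        if m:
            state = {"*": "active", "!": "hold"}.get(m["flag"], "deferred")
            current = QueueEntry(m["qid"], state, int(m["size"]), m["arrival"], m["sender"])
            entries.append(current)
        elif current is not None and line.lstrip().startswith("("):
            current.reason = line.strip()[1:-1]
        elif current is not None:
            current.recipients.append(line.strip())
    return entries

def deferrals_by_reason(entries):
    """Count deferred messages per reason (a dead MX host and a DNS failure need different fixes)."""
    counts = {}
    for entry in entries:
        if entry.state == "deferred" and entry.reason:
            counts[entry.reason] = counts.get(entry.reason, 0) + 1
    return counts
```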
### Sending mail between hosts
Server side:
[[email protected] named]# systemctl stop firewalld.service ## stop the firewall
[[email protected] named]# scp /etc/postfix/main.cf [email protected]:/etc/postfix/main.cf
Desktop side:
[[email protected] named]# vim /etc/postfix/main.cf ## edit the main Postfix configuration file
:%s/westos/linux/g ## replacing every westos with linux is all that is needed
[[email protected] named]# systemctl restart postfix.service ## restart for the change to take effect
[[email protected] named]# systemctl stop firewalld.service ## stop the firewall
Test:
Desktop side ---> server side
[[email protected] ~]# mail [email protected]
Subject: test1
dawdaw
dawda
wdaw
da
w
.
EOT
[[email protected] named]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Fri Dec 2 08:34 25/755
& 1
Message 1:
From [email protected] Fri Dec 2 08:34:35 2016
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Fri, 02 Dec 2016 08:33:45 -0500
To: [email protected]
Subject: test1
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R
dawdaw
dawda
wdaw
da
w
&
Server side ---> server side:
[[email protected] named]# mail [email protected]
Subject: test2
wqqdwq
dawdwfda
dawdaw
.
EOT
[[email protected] ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Fri Dec 2 08:39 23/761
& 1
Message 1:
From [email protected] Fri Dec 2 08:39:06 2016
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Fri, 02 Dec 2016 08:39:06 -0500
To: [email protected]
Subject: test2
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R
wqqdwq
dawdwfda
dawdaw
&
### Virtual mail accounts (aliases)
The alias name can be an account that exists on the system or one that does not.
Normal case:
The student user exists on the server; when desktop sends mail to the server's student user, the result is as follows:
[[email protected] ~]# mail [email protected]
Subject: test3
awdwqe
dwqdq
.
EOT
[[email protected] named]# mail -u student ## the student user received the mail, not root
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/student": 1 message
> 1 root Tue Dec 6 01:43 23/805 "student"
&
After adding the aliases:
Server side:
[[email protected] named]# vim /etc/aliases
97 admin: root
98 student: root
[[email protected] named]# postalias /etc/aliases ## build the hashed lookup table aliases.db (this is indexing, not encryption)
[[email protected] named]# ll /etc/aliases*
-rw-r--r--. 1 root root 1576 12月 2 09:30 /etc/aliases
-rw-r--r--. 1 root root 12288 12月 2 09:08 /etc/aliases.db ## this file was generated (it is the one Postfix actually reads)
[[email protected] named]# systemctl restart postfix.service ## restart for the change to take effect
Test:
Desktop side:
[[email protected] ~]# mail [email protected]
Subject: test3
adwdq
dawdawd
dadawd
.
EOT
[[email protected] ~]# mail [email protected]
Subject: test4
qweqwd
dqwdzcfad
dawdawdwa
dqwdq
.
EOT
Server side:
[[email protected] named]# mail -u root ## mail sent to admin and student was actually received by root
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 1 unread
1 root Fri Dec 2 08:34 26/766
2 root Fri Dec 2 09:06 24/768 ## this is the one sent to admin (actual recipient: root)
>U 3 root Fri Dec 2 09:09 25/787 ## this is the one sent to student (actual recipient: root)
&
### Sending to a group of users
Server side:
[[email protected] named]# vim /etc/aliases
97 admin: root ## delete this line
98 student: root ## delete this line
99 more: :include:/etc/moreusers ## file listing the users in the group
============or=============
99 more: admin,student
[[email protected] named]# postalias /etc/aliases ## rebuild aliases.db
[[email protected] named]# systemctl restart postfix.service ## restart for the change to take effect
[[email protected] named]# vim /etc/moreusers
1 admin
2 student
Create the admin and student users:
[[email protected] named]# useradd admin
[[email protected] named]# useradd student
[[email protected] named]# id admin
uid=1001(admin) gid=1001(admin) groups=1001(admin)
[[email protected] named]# id student
uid=1000(student) gid=1000(student) groups=1000(student)
Test:
Desktop side:
[[email protected] ~]# mail [email protected]
Subject: 123
adawdwq
dwadawd
dawdaw
.
EOT
Server side:
[[email protected] named]# mail -u student
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/student": 2 messages 1 new
>N 2 root Tue Dec 6 02:02 25/912 "123"
[[email protected] named]# mail -u admin
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/admin": 1 message 1 new
>N 1 root Tue Dec 6 02:02 25/910 "123"
## both users received the mail
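To see who finally receives a message once nested aliases and :include: files are followed (and to catch an alias loop before Postfix has to bounce it), here is an alias expander as an added example, not part of the original post. The aliases text and the :include: file content are constructed stand-ins for /etc/aliases and /etc/moreusers (held in a dict so the example runs offline); `parse_aliases` and `expand` are my names.

```python
# Constructed stand-ins for /etc/aliases and the :include: file used on this
# page (the real files live on disk; a dict keeps the example self-contained).
ALIASES_TEXT = """
# Basic system aliases -- these MUST be present.
mailer-daemon:  postmaster
postmaster:     root
admin:          root
more:           :include:/etc/moreusers
staff:          more, webmaster@example.com
loop1:          loop2
loop2:          loop1
"""
INCLUDE_FILES = {"/etc/moreusers": "admin\nstudent\n"}

def parse_aliases(text):
    """Parse aliases(5) lines of the form 'name: target, target' into a dict."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, targets = line.partition(":")
        table[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return table

def expand(name, table, includes, seen=frozenset()):
    """Return the final delivery targets for `name` (local users and remote
    addresses) after following nested aliases and :include: files.
    A name already on the current expansion path is an alias loop and yields
    nothing here; a real MTA would bounce the message rather than loop."""
    key = name.lower()
    if key in seen:
        return set()
    if key not in table:
        return {name}                      # real user or remote address: deliver here
    result = set()
    for target in table[key]:
        if target.startswith(":include:"):
            path = target[len(":include:"):]
            for entry in includes.get(path, "").split():
                result |= expand(entry, table, includes, seen | {key})
        elif "@" in target:
            result.add(target)             # remote address, not looked up in the local table
        else:
            result |= expand(target, table, includes, seen | {key})
    return result
```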
### Mail address aliases (virtual alias maps)
On the desktop side:
[[email protected] postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[[email protected] postfix]# vim virtual
[email protected] [email protected]
[[email protected] postfix]# postmap virtual ## build the virtual.db lookup table
[[email protected] postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport virtual.db
[[email protected] postfix]# postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" ## add this parameter to the main configuration file /etc/postfix/main.cf
[[email protected] postfix]# systemctl restart postfix.service
Test:
Desktop side:
[[email protected] postfix]# mail [email protected]
Subject: hehe
dfqwf
qwfwwqfqwf
.
EOT
Server side:
[[email protected] postfix]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 1 new
>N 1 root Tue Dec 6 03:05 22/753 "hehehe"
&
### Outbound address masquerading (sender rewriting)
[[email protected] named]# cd /etc/postfix/
[[email protected] postfix]# vim generic
240 [email protected] 526900112@qq.com ## left: the original internal address; right: the address it is rewritten to on outbound mail
[[email protected] postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[[email protected] postfix]# postmap generic ## build the generic.db lookup table
[[email protected] postfix]# ls
access generic.db master.cf virtual
canonical header_checks relocated
generic main.cf transport
[[email protected] postfix]# postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" ## add this parameter to the main configuration file /etc/postfix/main.cf
[[email protected]ilwestos postfix]# systemctl restart postfix.service
Test:
Server side:
[[email protected] postfix]# mail [email protected]
Subject: tbr
dada
w
.
EOT
Desktop side:
[[email protected] ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Sun Nov 27 03:46 23/749 "tbr"
& 1
Message 1:
From [email protected] Sun Nov 27 03:46:51 2016
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Sun, 27 Nov 2016 03:46:50 -0500
To: [email protected]
Subject: tbr
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: R
qweqw
dada
w
&
### Sending mail through a telnet session
## install telnet on the physical host (physical host IP: 172.25.254.19)
[[email protected] Software]# yum install telnet -y
[[email protected] Software]# telnet 172.25.254.219 25 ## connect on port 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
500 5.5.2 Error: bad syntax
ehlo hello ## the 250 lines below mean the EHLO handshake succeeded
250-mailwestos.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected] ## the sender of the mail
250 2.1.0 Ok
rcpt to:[email protected] ## the recipient of the mail
250 2.1.5 Ok
data ## after data, type the message body
354 End data with <CR><LF>.<CR><LF>
dada
dawdad
adad
.
250 2.0.0 Ok: queued as 4541524620D
quit ## end the session
Connection closed by foreign host.
[[email protected] Software]#
### Rejecting SMTP connections by client IP
## With this configuration, a host whose IP is rejected can still telnet to the mail server but cannot send or receive mail through it (what is really rejected is the SMTP session). Do not confuse this with the right of the mail server's local users to send and receive mail directly on the server.
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# vim access
477 172.25.254.18 REJECT ## the IP of the host to reject
[[email protected] postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[[email protected] postfix]# postmap access ## build the access.db lookup table
[[email protected] postfix]# ls
access canonical header_checks master.cf transport
access.db generic main.cf relocated virtual
[[email protected] postfix]# postconf -d | grep client ## list the client-related parameters of the mail server
broken_sasl_auth_clients = no
local_header_rewrite_clients = permit_inet_interfaces
parent_domain_matches_subdomains =
.
.
.
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions = ## this is the parameter to set
unknown_client_reject_code = 450
[[email protected] postfix]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
## add this setting to the main configuration file; hash:/etc/postfix/access refers to access.db
[[email protected] postfix]# vim /etc/postfix/main.cf ## check that the previous command took effect
680 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
## this line being present means it did
[[email protected] postfix]# systemctl restart postfix.service ## restart for the change to take effect
Test:
Physical host (172.25.254.18):
[[email protected] Desktop]# telnet 172.25.254.218 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
ehlo hello ## the telnet connection to the server still succeeds
250-mailwestos.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:[email protected] ## no error yet
250 2.1.0 Ok
rcpt to:[email protected] ## the error appears here, because the client IP is rejected (Postfix defers client restrictions until RCPT TO because smtpd_delay_reject defaults to yes)
554 5.7.1 <unknown[172.25.254.18]>: Client host rejected: Access denied
### Blocking a specified user from sending mail through the server
## With this configuration, a remote session to the mail server cannot send mail as the specified user. Do not confuse this with the right of the mail server's local users to send mail directly on the server.
Note: before this experiment, remove the relevant configuration from the previous experiment, otherwise it interferes with the result.
[[email protected] postfix]# vim /etc/postfix/main.cf
680 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
## delete this line
Server side:
[[email protected] postfix]# vim sender ## this file does not exist under /etc/postfix/ by default; create it (any name works)
[email protected] REJECT ## write user@domain here (this blocks the server's westos user from sending mail)
[[email protected] postfix]# postmap sender ## build the sender.db lookup table
[[email protected] postfix]# ls
access header_checks mysql-maildir.cf sender.db
access.db main.cf mysql-user.cf transport
canonical master.cf relocated virtual
generic mysql-domain.cf sender
[[email protected] postfix]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
## add this setting to the main configuration file; hash:/etc/postfix/sender refers to sender.db (the path must name the directory where postmap wrote the .db file)
[[email protected] postfix]# vim /etc/postfix/main.cf ## check that the previous command took effect
681 smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender
## this line being present means it did
[[email protected] postfix]# systemctl restart postfix.service ## restart for the change to take effect
[[email protected] postfix]# useradd westos ## create the westos user for testing
[[email protected] postfix]$ id westos
uid=1002(westos) gid=1002(westos) groups=1002(westos)
Test:
Physical host (172.25.254.18):
[[email protected] Desktop]# telnet 172.25.254.218 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected] ## note: sending as the westos user here
250 2.1.0 Ok
rcpt to:[email protected] ## cannot send: the sender address is rejected
451 4.3.5 <[email protected]>: Sender address rejected: Access denied
## Note the reply code: 451 4.3.5 is a temporary failure (4.3.5 means "system incorrectly configured" in RFC 3463), unlike the permanent 554 5.7.1 the other REJECT rules on this page return. A 4xx where a 5xx is expected usually means smtpd could not open the lookup table; check /var/log/maillog for table warnings and verify that the hash: path matches where postmap wrote the .db file.
============the westos user on the mail server itself can still send============
Server side:
[[email protected] postfix]# su - westos
[[email protected] ~]$ mail [email protected]
Subject: tbr
adwdwq
dawdwad
fawdawd
.
EOT
Desktop side:
[[email protected] ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 [email protected] Sat Dec 3 06:00 23/754
& 1
### Blocking a specified user from receiving mail
[[email protected] postfix]# vim recip ## this file does not exist under /etc/postfix/ by default; create it (any name works)
1 [email protected] REJECT
[[email protected] postfix]# postmap recip ## build the recip.db lookup table
[[email protected] postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
## add this setting to the main configuration file; hash:/etc/postfix/recip refers to recip.db
[[email protected] postfix]# systemctl restart postfix.service ## restart for the change to take effect
Test:
Physical host (172.25.254.18):
[[email protected] Desktop]# telnet 172.25.254.218 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 <[email protected]>: Recipient address rejected: Access denied
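The three experiments above (client, sender and recipient access maps) share one mechanism: Postfix tries a fixed sequence of lookup keys against the map and, with smtpd_delay_reject at its default of yes, reports any rejection at RCPT TO. The simulation below is an added example, not part of the original post or of Postfix itself: the access tables are constructed copies of the page's three maps, the key order follows access(5) (parent-domain matching as in the default parent_domain_matches_subdomains), and `client_keys`, `address_keys`, `lookup` and `smtpd_session` are my names.

```python
# Constructed access tables in the form postmap(1) indexes (key -> action),
# mirroring the three tables this page builds: client IP, sender, recipient.
CLIENT_ACCESS = {"172.25.254.18": "REJECT"}
SENDER_ACCESS = {"westos@westos.com": "REJECT"}
RECIPIENT_ACCESS = {"student@westos.com": "REJECT"}

def client_keys(ip):
    """Keys check_client_access tries for an IPv4 client, per access(5):
    the address, then ever shorter network prefixes (172.25.254, 172.25, 172)."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def address_keys(addr):
    """Keys check_sender_access / check_recipient_access try for an address, per
    access(5): user@domain, then the domain and its parent domains, then user@."""
    local, _, domain = addr.lower().partition("@")
    labels = domain.split(".")
    return [addr.lower()] + [".".join(labels[i:]) for i in range(len(labels) - 1)] + [local + "@"]

def lookup(table, keys):
    """First matching key wins, as in a Postfix access-map lookup."""
    return next((table[k] for k in keys if k in table), None)

def smtpd_session(client_ip, sender, recipient, delay_reject=True):
    """Replies a client sees at connect, MAIL FROM and RCPT TO. With
    smtpd_delay_reject = yes (the default) client and sender rejections are
    reported only at RCPT TO, which is why the page sees 250 at MAIL FROM and
    the 554 at RCPT TO."""
    stages = [
        ("CONNECT", "Client host", CLIENT_ACCESS, client_keys(client_ip), f"unknown[{client_ip}]"),
        ("MAIL FROM", "Sender address", SENDER_ACCESS, address_keys(sender), sender),
        ("RCPT TO", "Recipient address", RECIPIENT_ACCESS, address_keys(recipient), recipient),
    ]
    replies = {"CONNECT": "220 mailwestos.westos.com ESMTP Postfix",
               "MAIL FROM": "250 2.1.0 Ok", "RCPT TO": "250 2.1.5 Ok"}
    for cmd, what, table, keys, shown in stages:
        if lookup(table, keys) == "REJECT":
            where = "RCPT TO" if delay_reject else cmd
            replies[where] = f"554 5.7.1 <{shown}>: {what} rejected: Access denied"
            break                          # the first rejection ends the transaction
    return replies
```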
### Dovecot and mail
Server side:
[[email protected] ~]# yum install dovecot -y
[[email protected] ~]# cd /etc/dovecot/
[[email protected] dovecot]# ls
conf.d dovecot.conf
[[email protected] dovecot]# vim dovecot.conf
24 protocols = imap pop3 lmtp
46 # for authentication checks). disable_plaintext_auth is also ignored for
49 disable_plaintext_auth = no
[[email protected] dovecot]# cd conf.d/
[[email protected] conf.d]# vim 10-mail.conf
25 # mail_location = mbox:~/mail:INBOX=/var/mail/%u
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u
[[email protected] conf.d]# systemctl start dovecot
[[email protected] conf.d]# netstat -antple| grep dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 59637 3274/doveco
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 59613 3274/doveco
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 59611 3274/doveco
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 59635 3274/doveco
tcp6 0 0 :::993 :::* LISTEN 0 59638 3274/doveco
tcp6 0 0 :::995 :::* LISTEN 0 59614 3274/doveco
tcp6 0 0 :::110 :::* LISTEN 0 59612 3274/doveco
tcp6 0 0 :::143 :::* LISTEN 0 59636 3274/doveco
This article is from the "12115084" blog; please keep this source: http://12125084.blog.51cto.com/12115084/1880784