环境:
DNS:192.168.200.100
mail:192.168.200.101
Bind服务配置
- 安装Bind软件包。
yum install -y bind
- Bind配置文件。
vim /etc/named.conf
12 options {
13 listen-on port 53 { 192.168.200.100; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
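19 allow-query { any; };
注:allow-query 设为 any 时,若 options 中的 recursion 仍为 yes(本节未显示该行),任何来源都能让本机做递归查询;建议同时加上 allow-recursion { 192.168.200.0/24; }; 或把 allow-query 限制为需要解析的网段。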
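- vim /etc/named.rfc1912.zones(注:zone 中没有写 allow-transfer,CentOS 7 自带的 BIND 9 此时默认通常允许任意主机做区域传送;没有从服务器时可在每个 zone 中加 allow-transfer { none; };)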
zone "a.com" IN {
type master;
file "a.com.zone";
allow-update { none; };
};
zone "200.168.192.in-addr.arpa" IN {
type master;
file "200.168.192.arpa";
allow-update { none; };
};
- Bind正向区域文件。
cd /var/named
cp -p named.localhost a.com.zone
vim a.com.zone
$TTL 1D
@ IN SOA a.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.a.com.
ns1 A 192.168.200.100
mail A 192.168.200.101
smtp A 192.168.200.101
pop3 A 192.168.200.101
@ MX 10 mail.a.com.
- Bind反向区域文件。
cp -p named.empty 200.168.192.arpa
vim 200.168.192.arpa
$TTL 3H
@ IN SOA a.com. rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns1.a.com.
100 PTR ns1.a.com.
101 PTR mail.a.com.
101 PTR pop3.a.com.
101 PTR smtp.a.com.
- 测试语法
named-checkconf /etc/named.conf
named-checkzone a.com /var/named/a.com.zone
named-checkzone 200.168.192.in-addr.arpa /var/named/200.168.192.arpa
- 启动Bind服务。
systemctl restart named
systemctl enable named
ss -ntlu | grep 53
udp UNCONN 0 0 192.168.200.100:53 *:*
Postfix服务的配置
- mail服务器DNS改为192.168.200.100
vim /etc/sysconfig/network-scripts/ifcfg-ens32
DNS1=192.168.200.100
- mail服务器主机名改为mail.a.com
hostname mail.a.com
vim /etc/hostname
mail.a.com
- 安装postfix软件包(centos7默认安装)
yum install -y postfix
- 设置运行postfix服务的邮件主机的主机名、域名。
vim /etc/postfix/main.cf
75 myhostname = mail.a.com
83 mydomain = a.com
- 从本机寄出邮件的域名名称(@后的内容)
99 myorigin = $mydomain 或
99 myorigin = a.com
- 设置postfix监听的IP地址
113 inet_interfaces = all 或
113 inet_interfaces = 192.168.200.101
- 设置允许投递到本地的邮件域名
165 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
- 设置可转发(Relay)哪些网络的邮件
250 mynetworks_style = subnet
- 设置可转发(Relay)哪些网域的邮件
296 relay_domains = $mydestination 或
296 relay_domains = a.com
- 设置邮件存储位置和大小(字节)(0为不限制)
419 home_mailbox = Maildir/
420 message_size_limit = 10485760 #10M,附件最大值
421 mailbox_size_limit = 1073741824 #1G,邮箱大小
- 邮件用户别名的配置,用于邮件转发
386 alias_maps = hash:/etc/aliases
397 alias_database = hash:/etc/aliases
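- 在文件最后添加:(注:以下配置未启用TLS,PLAIN/LOGIN 机制下口令只做了base64编码,在网络上等同明文;正式环境应配置 smtpd_tls_cert_file、smtpd_tls_key_file 并设置 smtpd_tls_auth_only = yes)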
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
- 创建用户mail1、mail2、mail3并加入mailgroup用户组(口令 1234 仅为实验演示用的弱口令,并会留在命令历史中;正式环境应为每个用户设置不同的强口令)
groupadd mailgroup
useradd -s /sbin/nologin -g mailgroup mail1
useradd -s /sbin/nologin -g mailgroup mail2
useradd -s /sbin/nologin -g mailgroup mail3
echo "1234" | passwd --stdin mail1
echo "1234" | passwd --stdin mail2
echo "1234" | passwd --stdin mail3
- 添加别名
vim /etc/aliases
99 mailgroup: mail1,mail3
100 mail3: mail2
postalias /etc/aliases
newaliases
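- SMTP认证的配置(注:前面 main.cf 中已设置 smtpd_sasl_type = dovecot,Postfix 实际通过 Dovecot 的 private/auth 套接字做认证;本节的 saslauthd 和 /etc/sasl2/smtpd.conf 只有在 smtpd_sasl_type = cyrus 时才会被 Postfix 使用)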
yum install -y cyrus-sasl
saslauthd -v #查看SASL版本和密码认证机制
- 配置认证模式为shadow
#vim /etc/sysconfig/saslauthd
7 MECH=shadow
- systemctl restart saslauthd
systemctl enable saslauthd
测试SASL认证
testsaslauthd -u mail1 -p 1234
0: OK "Success."
- vim /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
- 启动postfix服务。
postfix check
systemctl restart postfix
systemctl enable postfix
ss -ntlu | grep 25
tcp LISTEN 0 100 192.168.200.101:25 *:*
- pop和imap服务配置
yum install -y dovecot dovecot-devel
vim /etc/dovecot/dovecot.conf
24 protocols = imap imaps pop3 pop3s
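48 login_trusted_networks = 192.168.200.0/24
注:login_trusted_networks 本意是填写IMAP/POP3代理服务器的地址;来自这些地址的连接可以覆盖自己的来源IP(用于日志和认证检查),并且不受 disable_plaintext_auth 限制。把整个网段填进去等于信任网段内所有主机,正式环境应只写代理服务器的IP或留空。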
- vim /etc/dovecot/conf.d/10-mail.conf
24 mail_location = maildir:~/Maildir
- vim /etc/dovecot/conf.d/10-auth.conf
10 disable_plaintext_auth = no <==允许明文验证
100 auth_mechanisms = plain login <==dovecot 验证机制
- vim /etc/dovecot/conf.d/10-master.conf(注:mode = 0666 使本机所有用户都能连接该认证套接字;套接字的 user/group 已是 postfix,设为 mode = 0660 即可)
96 unix_listener /var/spool/postfix/private/auth {
97 mode = 0666
98 user = postfix
99 group = postfix
100 }
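- vim /etc/dovecot/conf.d/10-ssl.conf(注:ssl = no 加上前面的 disable_plaintext_auth = no,会让POP3/IMAP的用户名和口令以明文在网络上传输,仅适合实验环境;正式环境应保留证书配置并设置 ssl = required、disable_plaintext_auth = yes)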
8 ssl = no <===不开启SSL
14 #ssl_cert = </etc/pki/dovecot/certs/dovecot.pem <===注释掉
15 #ssl_key = </etc/pki/dovecot/private/dovecot.pem <===注释掉
systemctl restart dovecot
ss -ntlu | grep -E "110|143"
tcp LISTEN 0 100 *:110 *:*
tcp LISTEN 0 100 *:143 *:*
邮件客户端测试
邮件客户端DNS地址设置为192.168.200.100
发信测试
群发测试
转发测试
使用Telnet发送邮件:
[d:\\~]$ telnet mail.a.com 25
220 mail.int6.cn ESMTP Postfix
helo mail.a.com
250 mail.a.com
mail from:<mail1@a.com> #原地址被页面的邮箱保护遮蔽,此处为示例地址
250 2.1.0 Ok
rcpt to:<mail2@a.com> #原地址被页面的邮箱保护遮蔽,此处为示例地址
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
aaaaa
bbbbb
ccccc
ddddd
. #输入“.”回车结束输入
250 2.0.0 Ok: queued as 919FC240B0C
使用Telnet接收邮件
[d:\\~]$ telnet mail.a.com 110
+OK [XCLIENT] Dovecot ready.
user mail1
+OK
pass 1234
+OK Logged in.
stat #浏览邮件的状态
list #列出邮件信息
retr 1 #查看第一封邮件内容