Server05

Posted fina

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Server05相关的知识,希望对你有一定的参考价值。

1、邮件的基本概念
MUA:邮件用户代理,客户端收发邮件的软件
MTA:邮件传输代理,服务器上的部署邮件服务器的软件
MDA:邮件投递代理,在邮件服务器上将邮件存放到相应的位置
MRA:邮件收取代理,为MUA读取邮件提供标准接口,主要使用POP3和IMAP协议
2、常用的MUA与MTA
MUA:Outlook、Mozilla Thunderbird、Foxmail
MTA:Sendmail、Postfix、Qmail、Exchange Server
3、邮件传递原理
发送邮件时:
用户通过MUA将邮件投递到MTA
MTA首先将邮件传给MDA
MDA会根据邮件收件人的不同采取不同的方式处理
收信人和发信人来自同一域:MDA将邮件存放到对应邮件存放地点
收信人和发信人来自不同域:MDA将邮件还给MTA
MTA通过DNS查询到收件人MTA的IP地址
将邮件投递到收件人MTA
收件人所在区域MTA将邮件投递到MDA
MDA将邮件存放到对应邮件存放地点
接受邮件时:
用户通过MUA连接MRA
MRA在邮件存放地点将邮件收取,并传递回MUA
4、邮件中继
MTA收到邮件有两种处理方式,其中一种是向外投递邮件,这个就是中继。
当MTA投递邮件时,邮件的收件人和发件人都不是MTA所在区域,这个叫第三方中继
5、邮件相关协议
SMTP:简单邮件传输协议 TCP 25
POP3:邮局协议版本3 TCP 110
POPs:提供加密的POP3 TCP 995
IMAP:交互邮件访问协议 TCP 143
IMAPs:提供加密的IMAP TCP 993
6、SMTP认证
SASL简单身份验证和安全层
7、postfix主配置文件内容
/etc/postfix/main.cf
myorigin 指定发件人DNS后缀
mydestination 指定postfix允许处理的邮件

postfix check


                                              RHEL5.9_A Mail Server

-------Server1(VM1)---------(VM1)
192.168.10.254 Win7 Client

实验要求:
在server1上搭建DNS,能够解析mail.tarena.com到Mail Server
在Mail Server上部署邮件服务器
在Win7上安装Foxmail测试

Server1配置(配置DNS)
1、安装软件包
[[email protected] ~]# rpm -q bind bind-chroot caching-nameserver
package bind is not installed
package bind-chroot is not installed
package caching-nameserver is not installed
[[email protected] ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY- redhat-release
[[email protected] ~]# yum -y install bind bind-chroot caching- nameserver
2、修改主配置文件
[[email protected] ~]# cd /var/named/chroot/etc/
[[email protected] etc]# cp -p named.caching-nameserver.conf named.conf
...
15 listen-on port 53 { 192.168.10.254; };
...
27 allow-query { any; };
28 allow-query-cache { any; };
...
37 match-clients { any; };
38 match-destinations { any; };
...
41 zone "tarena.com" IN {
42 type master;
43 file "tarena.com.zone";
44 };
...
[[email protected] etc]# named-checkconf named.conf
3、配置区域文件
[[email protected] etc]# cd /var/named/chroot/var/named/
[[email protected] named]# cp -p named.zero tarena.com.zone
[[email protected] named]# cat tarena.com.zone
$TTL 86400
@ IN SOA tarena.com. root.tarena.com. (
2013122401 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS dns1.tarena.com.
IN MX 5 mail.tarena.com.
dns1 IN A 192.168.10.254
mail IN A 192.168.10.10
[[email protected] named]# named-checkzone tarena.com tarena.com.zone
zone tarena.com/IN: loaded serial 2013122401
OK
4、启动DNS
[[email protected] named]# service named restart
[[email protected] named]# chkconfig named on

Mail Server配置(配置SMTP服务器)
1、前提条件(测试DNS)
[[email protected] ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=mail.tarena.com
GATEWAY=192.168.10.254
[[email protected] ~]# hostname mail.tarena.com
[[email protected] ~]# cat /etc/resolv.conf
nameserver 192.168.10.254
nameserver 202.106.0.20
search tarena.com
[[email protected] ~]# host -t mx tarena.com
tarena.com mail is handled by 5 mail.tarena.com.
[[email protected] ~]# host mail.tarena.com
mail.tarena.com has address 192.168.10.10
2、安装Postfix
[[email protected] ~]# netstat -tulnp | grep :25
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4079/sendmail
[[email protected] ~]# service sendmail stop
[[email protected] ~]# chkconfig sendmail off
[[email protected] ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat- release
[[email protected] ~]# yum -y install postfix
[[email protected] ~]# chkconfig --add postfix
[[email protected] ~]# chkconfig --list postfix
postfix 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
3、修改主配置文件
[[email protected] ~]# cd /etc/postfix/
[[email protected] postfix]# postconf -n > tmp.txt
[[email protected] postfix]# mv main.cf main.cf.bak
[[email protected] postfix]# mv tmp.txt main.cf
[[email protected] postfix]# vim main.cf
...
8 #inet_interfaces = localhost //监听端口
20 myhostname = mail.tarena.com //邮件服务器主机名
21 mydomain = tarena.com //邮件服务器所在区域
22 myorigin = $mydomain //发件人DNS后缀
23 mydestination = $mydomain //指定Postfix允许处理的邮件
24 home_mailbox = Maildir/ //邮箱类型
25 mynetworks = 192.168.10.0/24 //设置允许哪些客户端直接将需 要转发到外部区域的邮件提交给Postfix
4、检查语法启动服务
[[email protected] postfix]# postfix check
[[email protected] postfix]# postfix reload
[[email protected] postfix]# netstat -tulnp | grep :25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 6015/master

测试:
[[email protected] ~]# useradd yg
[[email protected] ~]# useradd xln
[[email protected] ~]# echo 123456 | passwd --stdin yg
[[email protected] ~]# echo 123456 | passwd --stdin xln
[[email protected] ~]# telnet mail.tarena.com 25
Trying 192.168.10.10...
Connected to mail.tarena.com (192.168.10.10).
Escape character is ‘^]‘.
220 mail.tarena.com ESMTP Postfix
helo localhost //宣告客户端
250 mail.tarena.com
mail from:[email protected] //邮件来自
250 2.1.0 Ok
rcpt to:[email protected] //邮件发往
250 2.1.5 Ok
data //邮件正文
354 End data with

subject Test mail!
hello,byebye

Mail Server配置(配置POP服务器)
1、安装dovecot
[[email protected] ~]# yum -y install dovecot
2、配置主配置文件
[[email protected] ~]# vim /etc/dovecot.conf
...
85 ssl_disable = yes //禁用SSL加密
...
205 mail_location = maildir:~/Maildir //设置邮箱路径
3、启动服务
[[email protected] ~]# service dovecot restart
[[email protected] ~]# chkconfig dovecot on
[[email protected] ~]# netstat -tulnp | grep dovecot
tcp 0 0 :::110 :::* LISTEN 16835/dovecot
tcp 0 0 :::143 :::* LISTEN 16835/dovecot

测试:
[[email protected] ~]# telnet mail.tarena.com 110
Trying 192.168.10.10...
Connected to mail.tarena.com (192.168.10.10).
Escape character is ‘^]‘.
+OK Dovecot ready.
user xln //输入账户
+OK
pass 123456 //输入密码
+OK Logged in.
list //列出邮件
+OK 1 messages:
1 458
.
retr 1 //查看邮件1
+OK 458 octets
Return-Path: [email protected]
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from localhost (ser1.tarena.com [192.168.10.10])
by mail.tarena.com (Postfix) with SMTP id A967D324DE8
for [email protected]; Tue, 24 Dec 2013 11:50:06 +0800 (CST)
Message-Id: [email protected]
Date: Tue, 24 Dec 2013 11:50:06 +0800 (CST)
From: [email protected]
To: undisclosed-recipients:;

subject Test mail!
hello,bybye
.
quit
+OK Logging out.
Connection closed by foreign host.

SMTP认证控制
1、启动saslauthd服务
[[email protected] ~]# rpm -q cyrus-sasl
cyrus-sasl-2.1.22-7.el5_8.1
[[email protected] ~]# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
[[email protected] ~]# service saslauthd start
[[email protected] ~]# chkconfig saslauthd on
[[email protected] ~]# testsaslauthd -u yg -p 123456 -s smtp //检查 saslauthd服务
0: OK "Success."
2、调整postfix配置,启用认证
[[email protected] ~]# vim /etc/postfix/main.cf
...
25 mynetworks = 127.0.0.1 //设置本地网络
26 smtpd_sasl_auth_enable = yes //启用SASL认证
27 smtpd_sasl_security_options = noanonymous //阻止匿名发信
28 smtpd_recipient_restrictions = //设置收件人过滤
29 permit_mynetworks,
30 permit_sasl_authenticated,
31 reject_unauth_destination //拒绝向未授权的目 标域发信
[[email protected] ~]# service postfix restart

3、测试
[[email protected] ~]# printf "yg" | openssl base64
eWc=
[[email protected] ~]# printf "123456" | openssl base64
MTIzNDU2
[[email protected] ~]# telnet mail.tarena.com 25
Trying 192.168.10.10...
Connected to mail.tarena.com (192.168.10.10).
Escape character is ‘^]‘.
220 mail.tarena.com ESMTP Postfix
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
554 5.7.1 [email protected]: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
[[email protected] ~]# !telnet
telnet mail.tarena.com 25
Trying 192.168.10.10...
Connected to mail.tarena.com (192.168.10.10).
Escape character is ‘^]‘.
220 mail.tarena.com ESMTP Postfix
helo localhost
250 mail.tarena.com
auth login
334 VXNlcm5hbWU6
eWc=
334 UGFzc3dvcmQ6
MTIzNDU2
235 2.0.0 Authentication successful
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
quit
221 2.0.0 Bye
Connection closed by foreign host.

邮件过滤
1、根据客户端地址过滤
[[email protected] ~]# tail -n 2 /etc/postfix/access
192.168.10.53 REJECT
192.168.10.50 OK
[[email protected] ~]# postmap /etc/postfix/access
[[email protected] ~]# vim /etc/postfix/main.cf
...
32 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
[[email protected] ~]# postfix reload
做完这个实验请将main.cf 32行注释

2、根据发信人地址过滤
[[email protected] ~]# cat /etc/postfix/sender_access
[email protected] REJECT
[[email protected] ~]# postmap /etc/postfix/sender_access
[[email protected] ~]# vim /etc/postfix/main.cf
...
33 smtpd_sender_restrictions =
34 permit_mynetworks, //若从mynetworks网络访问则允许
35 reject_sender_login_mismatch,//发件人与登录信息不符时拒绝
36 reject_non_fqdn_sender, //拒绝不完整的发件域
37 reject_unknown_sender_domain, //拒绝未知的收件域
38 check_sender_access hash:/etc/postfix/sender_access //指定策略库
[[email protected] ~]# service postfix restart
做完这个实验请将main.cf 33-38行注释

以上是关于Server05的主要内容,如果未能解决你的问题,请参考以下文章

在Tomcat的安装目录下conf目录下的server.xml文件中增加一个xml代码片段,该代码片段中每个属性的含义与用途

使用实体框架迁移时 SQL Server 连接抛出异常 - 添加代码片段

Client / Server Interoperability Support Matrix for Different Oracle Versions (Doc ID 207303.1)(代码片段

httpd Server not started: (13)Permission denied: make_sock: could not bind to address [::]:8888(代码片段

记录C#常用的代码片段

Apollo Codegen 没有找到生成代码的操作或片段