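SMTP Service Deployment: Advanced
Continuing from last week's content.
I. Restricting remote login
At the moment every virtual machine can connect remotely and use the mail-sending service, which is clearly insecure.
How to implement the login restriction:
On my client machine (desktop):
1.cd /etc/postfix/
At the end of the access file, add a line of the form: <IP to reject> REJECT
For example: 172.25.254.50 REJECT
2.postmap access # compile the file into a lookup table; this generates an access.db file
3.postconf -d | grep client # filter the configuration parameters and look up the client-related ones
4.postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" # write the setting to the configuration file
The setting is written to the end of /etc/postfix/main.cf
5.Restart the service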
systemctl restart postfix.service
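Test:
On my host whose IP ends in .50:
Note: with this restriction in place the host can still connect via telnet, but its mail cannot be sent.
@ To revert: delete the last line of /etc/postfix/main.cf,
postmap access # rebuild the lookup table, then restart the service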
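How the entry added in step 1 is matched, as an added example that is not part of the original post: for client addresses, the Postfix access(5) lookup tries the full IPv4 address and then repeatedly drops the last octet, so a shorter key rejects a whole subnet. The function emulates only that address lookup on the plain-text table; the helper name access_lookup and the subnet entry are constructed for illustration.

```shell
#!/bin/sh
# Emulates only the IPv4 address part of a check_client_access lookup, run
# against the plain-text source of the access table (the file postmap compiles).

# access_lookup FILE IP
#   prints "<matched key> <action>" and returns 0 on a hit, returns 1 otherwise.
access_lookup() {
    file=$1
    key=$2
    while :; do
        # Field 1 is the key, the rest of the line is the action.
        # Keys are compared as strings so that 172.25 never equals 172.250.
        hit=$(awk -v k="$key" '
            /^[ \t]*#/ { next }
            ($1 "") == (k "") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
        ' "$file")
        if [ -n "$hit" ]; then
            printf '%s %s\n' "$key" "$hit"
            return 0
        fi
        # No match: drop the last ".octet" and retry, as access(5) describes.
        case $key in
            *.*) key=${key%.*} ;;
            *)   return 1 ;;
        esac
    done
}

# Constructed sample table: the host entry from this page plus a subnet entry
# that is assumed here for illustration.
sample_access=$(mktemp)
cat > "$sample_access" <<'EOF'
# key            action
172.25.254.50    REJECT
172.25.0         REJECT lab subnet blocked
EOF

access_lookup "$sample_access" 172.25.254.50
access_lookup "$sample_access" 172.25.0.7
access_lookup "$sample_access" 172.25.254.51 || echo "no entry: not rejected by this table"
```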
II. Freezing a user's mail service
In the /etc/postfix/ directory:
1.vim sender
Enter the line: westos@lyitx.com REJECT
2.postmap sender
3.postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
4.systemctl restart postfix.service
Test:
Test from another virtual machine:
[kiosk@foundation50 Desktop]$ telnet 172.25.254.166 25
Trying 172.25.254.166...
Connected to 172.25.254.166.
Escape character is '^]'.
220 maillyitx.lyitx.com ESMTP Postfix
mail from:westos@lyitx.com
250 2.1.0 Ok
rcpy to:root@linux.com
502 5.5.2 Error: command not recognized
rcpt to:root@linux.com
554 5.7.1 <westos@lyitx.com>: Sender address rejected: Access denied
III. Refusing mail for a user
1.vim recip # enter the full address of the user who must not receive mail
westos@lyitx.com REJECT
2.postmap recip # compile the lookup table
3.postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
4. systemctl restart postfix.service
Test:
On host 50:
[kiosk@foundation50 Desktop]$ telnet 172.25.254.166 25
The settings written by the steps above can be seen at the end of /etc/postfix/main.cf:
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip
@@ So as not to interfere with the later experiments, revert the changes here.
How:
Delete the last two lines of /etc/postfix/main.cf,
then restart the service.
IV. Dovecot
On the desktop host (172.25.254.166):
1.yum install dovecot -y
2.vim /etc/dovecot/dovecot.conf
Uncomment line 24:
24 protocols = imap pop3 lmtp
49 disable_plaintext_auth = no
50 login_trusted_networks = 0.0.0.0/0 # allow logins from external networks
3.cd /etc/dovecot/conf.d/
vim 10-mail.conf
Add the following
at line 30: mail_location = mbox:~/mail:INBOX=/var/mail/%u
4.systemctl start dovecot
@ The purpose of the steps above is to open the ports.
5.su - westos # for a user that already exists, the files must be created by hand here
6.mkdir -p /home/westos/mail/.imap
7.touch /home/westos/mail/.imap/INBOX
8.su - root
There is a once-and-for-all method.
As the superuser:
cd /etc/skel/
mkdir -p mail/.imap
touch mail/.imap/INBOX
(With this in place, the directory is created automatically for every newly created user.)
Finally, restart the service:
systemctl restart dovecot.service
Test:
Test from another host:
1.yum install mutt -y
2.mutt -f imap://westos@172.25.254.166
After entering the password when prompted, you can see the westos user's mail.
[root@foundation50 Desktop]# telnet 172.25.254.166 110
Trying 172.25.254.166...
Connected to 172.25.254.166.
Escape character is '^]'.
+OK [XCLIENT] Dovecot ready.
user westos
+OK
pass redhat
+OK Logged in.
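The operation succeeded.
V. Receiving mail with Thunderbird
Open Thunderbird.
Mail can now be received in the application.
#### Receiving mail for virtual users stored in a database ###
1.Install the database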
yum install mysql-server -y
systemctl start mariadb
vim /etc/my.cnf
Change the configuration file to:
symbolic-links=1
systemctl restart mariadb
mysql_secure_installation # secure initialization: set the root password, then keep pressing the space bar
2.Installing phpMyAdmin: operate the database from a web page
yum install httpd -y
systemctl start httpd
mv phpMyAdmin-3.4.0-all-languages.tar.bz2 /var/www/html/
cd /var/www/html/
tar -jxf phpMyAdmin-3.4.0-all-languages.tar.bz2 ## extract the archive
mv phpMyAdmin-3.4.0-all-languages myadmin ## give it a simpler name
systemctl stop firewalld.service ## turn off the firewall
yum install php -y ## install PHP; the pages cannot be displayed without a PHP environment
systemctl restart httpd.service ## httpd must be restarted after the installation
cd myadmin/
cp -p config.sample.inc.php config.inc.php ## copy the template to create the actual configuration file
vim config.inc.php ## set the cookie secret in the file, for example:
$cfg['blowfish_secret'] = 'westos'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
yum install php-mysql.x86_64 -y ## connect PHP to the database
systemctl restart httpd.service
In a browser, enter: <IP address of the server where the database is installed>/myadmin
Create a database named email, and in it a table named muser with the number of fields set to 4.
The detailed settings are as follows:
Then create a new user in the local database:
MariaDB [(none)]> select * from email.muser;
+-----------------+----------+-----------+------------------+
| username        | password | domain    | maildir          |
+-----------------+----------+-----------+------------------+
| admin@lyitx.org | 123      | lyitx.org | lyitx.org/admin/ |
+-----------------+----------+-----------+------------------+
1 row in set (0.00 sec)
Create the user: CREATE USER postfix@localhost identified by 'postfix';
Then grant privileges (as in the figure):
GRANT INSERT,UPDATE,SELECT on email.* to postfix@localhost;
Then exit.
3.Writing the files:
On the host where the database is installed:
cd /etc/postfix/
vim mysql-users.cf
Write the following by hand:
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = username
where_field = username
Save and exit.
vim mysql-domain.cf
Write:
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = domain
where_field = domain
vim mysql-maildir.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = maildir
where_field = username
Then apply the same postmap processing to these three files.
Correction: the content shown in the figure should be
lyitx.org/admin/
4.Create the vmail user and the vmail group
groupadd -g 666 vmail
useradd -g 666 -u 666 -s /sbin/nologin vmail
Detail: none of the options may be left out. If a mistake is made and the user has to be recreated, run:
userdel -r vmail
5.Write the configuration
The settings written can be seen at the end of /etc/postfix/main.cf:
virtual_gid_maps = static:666
virtual_uid_maps = static:666
virtual_mailbox_base = /home/vmail
virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf
6.Restart the postfix service
systemctl restart postfix.service
Test: on the current host, send a mail to the user admin@lyitx.org
If the mail shows up in the /home/vmail/lyitx.org/admin/new directory, the setup works!
[root@maillyitx new]# pwd
/home/vmail/lyitx.org/admin/new
[root@maillyitx new]# ls
1481167802.Vfd01I280a514M732414.maillyitx.lyitx.com
1481167902.Vfd01I280a515M599277.maillyitx.lyitx.com
1481167977.Vfd01I280a516M115286.maillyitx.lyitx.com
1481185764.Vfd01I280a51eM96871.maillyitx.lyitx.com
[root@maillyitx new]#
Dovecot & the database
cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/
cd /etc/dovecot
vim dovecot-sql.conf.ext
32 driver = mysql
71 connect = host=localhost dbname=email user=postfix password=postfix
78 default_pass_scheme = PLAIN
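107 password_query = \
108 SELECT username, domain, password \
109 FROM muser WHERE username = '%u' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM muser WHERE username = '%u'
(The muser table stores the full address in the username column and has no userid column, so both queries match username against %u.)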
vim /etc/dovecot/conf.d/10-mail.conf
30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
Finally, restart the service:
systemctl restart dovecot
If you can connect with telnet from another host, the experiment succeeded.
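A check for the lab-only Dovecot settings used on this page (disable_plaintext_auth = no, login_trusted_networks = 0.0.0.0/0, default_pass_scheme = PLAIN), added here as an example and not part of the original post. The function name audit_dovecot, the sample files and the hardened values are this example's assumptions.

```shell
#!/bin/sh
# audit_dovecot FILE... : print "file:line: finding" for each lab-only setting
# from this walkthrough that is still active (not commented out).
audit_dovecot() {
    awk '
        /^[ \t]*#/ { next }                    # whole-line comment
        {
            line = $0
            sub(/#.*/, "", line)               # strip a trailing comment
            eq = index(line, "=")
            if (eq == 0) next                  # not a key = value line
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        key == "disable_plaintext_auth" && val == "no" {
            print FILENAME ":" FNR ": plaintext auth allowed on unencrypted connections" }
        key == "login_trusted_networks" && index(" " val " ", " 0.0.0.0/0 ") {
            print FILENAME ":" FNR ": every IPv4 client is trusted, which also bypasses disable_plaintext_auth" }
        key == "default_pass_scheme" && val == "PLAIN" {
            print FILENAME ":" FNR ": passwords are stored unhashed" }
    ' "$@"
}

# Constructed sample: the settings as configured on this page ...
workdir=$(mktemp -d)
cat > "$workdir/lab.conf" <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = no
login_trusted_networks = 0.0.0.0/0  # allow external logins
default_pass_scheme = PLAIN
EOF
# ... and an assumed hardened variant (the values are this example's choice).
cat > "$workdir/hardened.conf" <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = yes
#login_trusted_networks = 0.0.0.0/0
default_pass_scheme = SHA512-CRYPT
EOF

audit_dovecot "$workdir/lab.conf" "$workdir/hardened.conf"
```

With a hashing scheme such as SHA512-CRYPT, the password column has to hold hashes, which `doveadm pw -s SHA512-CRYPT` generates.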