添加MX记录(这里假设使用动态域名)
由于MX记录添加后,可能生效要等待一段时间(通常为数分钟或数十分钟,也可能马上生效),所以在安装配置前,我们首先为动态域名添加MX记录。添加方法也会因域名ISP的不同而不同,但大致信息如下:
mx mail.centospub.com. 10
a mail 服务器的IP地址
mail为别名,10为优先度。这个别名指向服务器的IP地址.
确认MX记录的添加是否生效的方法:
[root@sample ~]# host -t mx centospub.com
centospub.com mail is handled by 10 mail.centospub.com. ← 确认MX记录生效
安装Postfix
然后,安装Postfix。
[root@sample ~]# yum -y install postfix ← 在线安装Postfix
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
primary.xml.gz 100% |=========================| 28 kB 00:04
update : ################################################## 84/84
Added 84 new packages, deleted 1499 old in 3.44 seconds
primary.xml.gz 100% |=========================| 157 B 00:00
Added 0 new packages, deleted 1499 old in 1.97 seconds
primary.xml.gz 100% |=========================| 26 kB 00:00
extras : ################################################## 102/102
Added 102 new packages, deleted 1499 old in 2.73 seconds
Reducing Dag RPM Repository for Red Hat Enterprise Linux to included packages only
Finished
Parsing package install arguments
Resolving Dependencies
–> Populating transaction set with selected packages. Please wait.
—> Downloading header for postfix to pack into transaction set.
postfix-2.2.10-1.RHEL4.2. 100% |=========================| 40 kB 00:00
—> Package postfix.i386 2:2.2.10-1.RHEL4.2 set to be updated
–> Running transaction check
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Installing:
postfix i386 2:2.2.10-1.RHEL4.2 base 3.0 M
Transaction Summary
=============================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 3.0 M
Downloading Packages:
(1/1): postfix-2.2.10-1.R 100% |=========================| 3.0 MB 00:05
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: postfix ######################### [1/1]
Installed: postfix.i386 2:2.2.10-1.RHEL4.2
Complete!
配置Postfix及相关组件
[1] 对Postfix进行配置。
[root@sample ~]# vi /etc/postfix/main.cf ← 编辑Postfix的配置文件
#myhostname = host.domain.tld ← 找到此行,将等号后面的部分改写为主机名
↓
myhostname = sample.centospub.com ← 变为此状态,设置系统的主机名
#mydomain = domain.tld ← 找到此行,将等号后面的部分改写为域名
↓
mydomain = centospub.com ← 变为此状态,设置域名(我们将让此处设置将成为E-mail地址“@”后面的部分)
#myorigin = $mydomain ← 找到此行,将行首的#去掉
↓
myorigin = $mydomain ← 变为此状态,将发信地址“@”后面的部分设置为域名(非系统主机名)
inet_interfaces = localhost ← 找到此行,将“localhost”改为“all”
↓
inet_interfaces = all ← 变为此状态,接受来自所有网络的请求
mydestination = $myhostname, localhost.$mydomain, localhost ← 找到此行,在行为添加“$mydomain”
↓
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ← 变为此状态,指定发给本地邮件的域名
#relay_domains = $mydestination ← 找到此行,将行首的#去掉
↓
relay_domains = $mydestination ← 变为此状态,定义允许转发的域名
#mynetworks = 168.100.189.0/28, 127.0.0.0/8 ← 找到此行,依照自己的内网情况修改
↓
mynetworks = 168.100.189.0/28, 127.0.0.0/8 ← 变为此状态,指定内网和本地的IP地址范围
#home_mailbox = Maildir/ ← 找到这一行,去掉行首的#
↓
home_mailbox = Maildir/ ← 变为此状态,指定用户邮箱目录
# SHOW SOFTWARE VERSION OR NOT
#
# The smtpd_banner parameter specifies the text that follows the 220
# code in the SMTP server’s greeting banner. Some people like to see
# the mail version advertised. By default, Postfix shows no version.
#
# You MUST specify $myhostname at the start of the text. That is an
# RFC requirement. Postfix itself does not care.
#
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) ← 找到这一行,接此行添加如下行:
smtpd_banner = $myhostname ESMTP unknow ← 添加这一行,不显示SMTP服务器的相关信息
在配置文件的文尾,添加如下行:
smtpd_sasl_auth_enable = yes ← 服务器使用SMTP认证
smtpd_sasl_local_domain = $myhostname ← 指定SMTP认证的本地域名(主机名)
smtpd_sasl_security_options = noanonymous ← 不允许匿名的方式认证
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_security_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination←(very important)
message_size_limit = 15728640 ← 规定邮件最大尺寸为15MB
[2] 配置SMTP认证的相关选项
为了提高安全性,我们不将系统用户的密码作为相应用户SMTP认证的密码,而将在后面为用户建立SMTP认证专用的密码。
[root@sample ~]# vi /usr/lib/sasl2/smtpd.conf ← 编辑SMTP认证的配置文件
pwcheck_method: saslauthd ← 找到此行,将“saslauthd”改为“auxprop”
↓
pwcheck_method: auxprop ← 不使用系统用户密码作为用户的SMTP认证密码
[root@sample ~]# vi /etc/sysconfig/saslauthd
MECH=shadow ← 找到这一行,在前面加#
↓
#MECH=shadow ← 不使用shadow机制
FLAGS= ← 找到此行,在等号后面添加“sasldb”
↓
FLAGS=sasldb ← 定义认证方式为sasldb2
[3] 建立用户的邮箱目录
首先建立用户模板下的邮箱目录,以便于建立新用户时,相应用户的邮箱目录自动被建立。
[root@sample ~]# mkdir /etc/skel/Maildir ← 在用户模板下建立用户邮箱目录
[root@sample ~]# chmod 700 /etc/skel/Maildir ← 设置用户邮箱目录属性为700
然后再为已经存在的用户建立相应邮箱目录。
[root@sample ~]# mkdir /home/centospub/Maildir ← 为用户(这里以centospub用户为例)建立邮箱目录
[root@sample ~]# chmod 700 /home/centospub/Maildir ← 设置该用户邮箱目录属性为700
[root@sample ~]# chown centospub. /home/centospub/Maildir ← 设置该用户邮箱目录为该用户所有
[4] 为用户设置SMTP认证密码
[root@sample ~]# saslpasswd2 -u sample.centospub.com -c centospub ← 为centospub用户设置SMTP认证密码
Password: ← 在这里输入密码(不会显示)
Again (for verification): ← 再次输入密码
[5] 改变SALS的属性及归属
[root@sample ~]# chgrp postfix /etc/sasldb2 ← 将数据库归属改为postfix,
[root@sample ~]# chmod 640 /etc/sasldb2 ← 将数据库属性改为640
[6] 关闭sendmail服务及设置默认MTA
因为在用Postfix作为SMTP服务器的前提下,我们不准备再用sendmail,所以将sendmail服务关掉,以确保安全及节省系统资源。
[root@sample ~]# /etc/rc.d/init.d/sendmail stop ← 关闭sendmail服务
Shutting down sendmail: [ OK ]
Shutting down sm-client: [ OK ]
[root@sample ~]# chkconfig sendmail off ← 关闭sendmail自启动
[root@sample ~]# chkconfig –list sendmail ← 确认sendmail自启动已被关闭(都为off就OK)
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
然后再将默认的MTA设置为Postfix。
[root@sample ~]# alternatives –config mta ← 设置默认MTA
There are 2 programs which provide ‘mta’.
Selection Command
———————————————–
*+ 1 /usr/sbin/sendmail.sendmail ← 当前状态:sendmail为默认MTA
2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2 ← 在这里输入2,使Postfix成为默认MTA
启动相应服务
最后,启动SMTP认证及Postfix服务,并设置相应服务为自启动。
[root@sample ~]# chkconfig saslauthd on ← 将SMTP-Auth设置为自启动
[root@sample ~]# chkconfig –list saslauthd ← 确认SMTP-Auth服务状态
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← 确认2~5为on的状态就OK
[root@sample ~]# /etc/rc.d/init.d/saslauthd start ← 启动SMTP-Auth
Starting saslauthd: [ OK ]
[root@sample ~]# chkconfig postfix on ← 将Postfix设置为自启动
[root@sample ~]# chkconfig –list postfix ← 确认Postfix服务状态
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← 确认2~5为on的状态就OK
[root@sample ~]# /etc/rc.d/init.d/postfix start ← 启动Postfix
Starting postfix: [ OK ]
POP / IMAP 服务器的构建
POP / IMAP 是 MUA 从邮件服务器中读取邮件时使用的协议。其中,与 POP3 是从邮件服务器中下载邮件比起来,IMAP4 则是将邮件留在服务器端直接对邮件进行管理、操作。这里,我们用 Dovecot 来实现对 POP3 及 IMAP4 等协议支持的邮件接收服务器的搭建。
Dovecot 是一个比较新的软件,由 Timo Sirainen 开发,最初发布于 2002年7月。作者将安全性考虑在第一,所以 Dovecot 在安全性方面比较出众。另外,Dovecot 支持多种认证方式,所以在功能方面也比较符合一般的应用。
---------------------------------------------------------------------------------------------------------------------------------------------------
首先,安装 Dovecot
[root@sample ~]# yum -y install dovecot ← 在线安装 Dovecot
Setting up Install Process
Setting up repositories
dag 100% |=========================| 1.1 kB 00:00
update 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
addons 100% |=========================| 951 B 00:00
extras 100% |=========================| 1.1 kB 00:00
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for dovecot to pack into transaction set.
dovecot-0.99.11-4.EL4.i38 100% |=========================| 15 kB 00:00
---> Package dovecot.i386 0:0.99.11-4.EL4 set to be updated
--> Running transaction check
--> Processing Dependency: libmysqlclient.so.14(libmysqlclient_14) for package: dovecot
--> Processing Dependency: libpq.so.3 for package: dovecot
--> Processing Dependency: libmysqlclient.so.14 for package: dovecot
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for postgresql-libs to pack into transaction set.
postgresql-libs-7.4.13-2. 100% |=========================| 11 kB 00:00
---> Package postgresql-libs.i386 0:7.4.13-2.RHEL4.1 set to be updated
---> Downloading header for mysql to pack into transaction set.
mysql-4.1.20-1.RHEL4.1.i3 100% |=========================| 35 kB 00:00
---> Package mysql.i386 0:4.1.20-1.RHEL4.1 set to be updated
--> Running transaction check
--> Processing Dependency: perl(DBI) for package: mysql
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for perl-DBI to pack into transaction set.
perl-DBI-1.40-8.i386.rpm 100% |=========================| 11 kB 00:00
---> Package perl-DBI.i386 0:1.40-8 set to be updated
--> Running transaction check
Dependencies Resolved
------------------------------------------------------------------------------------------------------
Package Arch Version Repository Size
------------------------------------------------------------------------------------------------------
Installing:
dovecot i386 0.99.11-4.EL4 base 612 k
Installing for dependencies:
mysql i386 4.1.20-1.RHEL4.1 base 2.9 M
perl-DBI i386 1.40-8 base 466 k
postgresql-libs i386 7.4.13-2.RHEL4.1 base 146 k
Transaction Summary
------------------------------------------------------------------------------------------------------
Install 4 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 4.1 M
Downloading Packages:
(1/4): dovecot-0.99.11-4. 100% |=========================| 612 kB 00:00
(2/4): postgresql-libs-7. 100% |=========================| 146 kB 00:00
(3/4): mysql-4.1.20-1.RHE 100% |=========================| 2.9 MB 00:02
(4/4): perl-DBI-1.40-8.i3 100% |=========================| 466 kB 00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing: perl-DBI ######################### [1/4]
Installing: mysql ######################### [2/4]
Installing: postgresql-libs ######################### [3/4]
Installing: dovecot ######################### [4/4]
Installed: dovecot.i386 0:0.99.11-4.EL4
Dependency Installed: mysql.i386 0:4.1.20-1.RHEL4.1 perl-DBI.i386 0:1.40-8 postgresql-libs.i386 0:7.4.13-2.RHEL4.1
Complete!
---------------------------------------------------------------------------------------------------------------------------------------------------
然后,修改相应配置文件,配置 Dovecot
[root@sample ~]# vi /etc/dovecot.conf ← 编辑Dovecot 的配置文件
#protocols = imap imaps ← 找到这一行,将协议设置为imap与pop3
protocols = imap pop3 ← 变为此状态
#default_mail_env = ← 找到这一行,定义邮件目录
default_mail_env = maildir:~/Maildir ← 定义邮件目录为用户目录下的Maildir目录
---------------------------------------------------------------------------------------------------------------------------------------------------
添加防火墙规则
由于 POP3 协议与 IMAP4 协议要分别用到110号和143号端口,所以在启动服务前,配置防火墙,开通这两个端口。
[root@sample ~]# vi /etc/sysconfig/iptables ← 编辑防火墙规则
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT ← 找到此行,接着添加如下两行:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT ← 允许POP使用的110号端口
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT ← 允许IMAP使用的143号端口
[root@sample ~]# /etc/rc.d/init.d/iptables restart ← 重新启动防火墙,使新的设置生效
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
---------------------------------------------------------------------------------------------------------------------------------------------------
最后,启动 Dovecot ,并将其设置为自启动。
[root@sample ~]# chkconfig dovecot on ← 设置Dovecot为自启动
[root@sample ~]# chkconfig --list dovecot
dovecot 0:off 1:off 2:on 3:on 4:on 5:on 6:off ← 确认2~5为on的状态就OK
[root@sample ~]# /etc/rc.d/init.d/dovecot start ← 启动Dovecot服务
Starting Dovecot Imap: [ OK ]