分类: LINUX
2009-04-08 23:06:27
rhel5之postfix邮件服务器基本应用配置
这里只讲postfix的配置,dovecot的配置请参见我的另一篇日志:
一、安装:
[root@server2 ~]# yum -y install postfix wireshark
停止、禁止sendmail服务:
[root@server2 ~]# service sendmail stop
[root@server2 ~]# chkconfig sendmail off
指定postfix作为你的MTA:
[root@server2 ~]# alternatives --config mta
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2
启动postfix服务:
[root@server2 ~]# service postfix start
[root@server2 ~]# chkconfig postfix on
二、配置:
postfix的配置文件是main.cf,位于/etc/postfix目录下:
[root@server2 postfix]# ls
access canonical header_checks main.cf makedefs.out postfix-files post-install TLS_LICENSE virtual
bounce.cf.default generic LICENSE main.cf.default master.cf postfix-script relocated transport
编辑main.cf文件:
[root@server2 postfix]# vi main.cf
找到以下行,大概位于69行:
#myhostname = host.domain.tld,修改为你自己的主机名,我这里是:
myhostname = rhel5.com.cn
在第78行:
#mydomain = domain.tld修改为:
mydomain = rhel5.com.cn
修改第112行:
将#inet_interfaces = localhost行改为你的IP地址,我的如下:
inet_interfaces = 192.168.1.12, 127.0.0.1
修改第157行:
mydestination = $myhostname, localhost.$mydomain, localhost改为如下:
mydestination =$myhostname, localhost.$mydomain, localhost, mail.$mydomain
去掉第94,95行的注释符号:
myorigin = $myhostname
myorigin = $mydomain
三、开启 postfix的SASL and PAM认证:
编辑/etc/postfix/main.cf文件,加入以下行:
smtpd_sasl_auth_enable = yes //启用sasl验证
smtpd_sasl_security_options = noanonymous //设定验证机制,拒绝匿名用户
broken_sasl_auth_clients = yes //
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
启动saslauthd进程:
[root@server2 postfix]# service saslauthd start
[root@server2 postfix]# chkconfig saslauthd on
[root@server2 postfix]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
接着是设置PAM认证:
编辑 /etc/sysconfig/saslauthd文件,设置如下:
MECH=pam
重启postfix服务程序:
[root@server2 postfix]#service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
四、让postfix支持ssl加密认证:
1)、创建smtpd.pem文件:
[root@server2 ~]#cd /etc/postfix
[root@server2 postfix]#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
[root@server2 postfix]# ll
total 336
-rw-r--r-- 1 root root 17832 Aug 11 2008 access
-rw-r--r-- 1 root root 3550 Aug 11 2008 bounce.cf.default
-rw-r--r-- 1 root root 11175 Aug 11 2008 canonical
-rw-r--r-- 1 root root 9920 Aug 11 2008 generic
-rw-r--r-- 1 root root 16838 Aug 11 2008 header_checks
-rw-r--r-- 1 root root 11942 Aug 11 2008 LICENSE
-rw-r--r-- 1 root root 27493 Apr 7 21:31 main.cf
-rw-r--r-- 1 root root 17981 Aug 11 2008 main.cf.default
-rw-r--r-- 1 root root 958 Aug 11 2008 makedefs.out
-rw-r--r-- 1 root root 4134 Apr 7 21:23 master.cf
-rw-r--r-- 1 root root 17639 Aug 11 2008 postfix-files
-rwxr-xr-x 1 root root 6366 Aug 11 2008 postfix-script
-rwxr-xr-x 1 root root 22564 Aug 11 2008 post-install
-rw------- 1 root root 1024 Apr 7 21:37 prng_exch
-rw-r--r-- 1 root root 6805 Aug 11 2008 relocated
-rw-r--r-- 1 root root 2168 Apr 7 21:19 smtpd.pem
-rw-r--r-- 1 root root 1629 Aug 11 2008 TLS_LICENSE
-rw-r--r-- 1 root root 12081 Aug 11 2008 transport
-rw-r--r-- 1 root root 11984 Aug 11 2008 virtual
2)、编辑/etc/postfix/main.cf文件,加入以下内容:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
保存退出!
3)、编辑/etc/postfix/master.cf文件,确认以下内容没有被注释掉:
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
这里对应的端口是465端口,如果还存在以下内容的话,则系统会同时打开25端口的:
smtp inet n - n - - smtpd
注释掉此行的话,系统只打开465端口!
4)、重启postfix服务:
[root@server2 postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
5)、检查下相应的端口是否打开:
[root@server2 postfix]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3045/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2737/portmap
tcp 0 0 192.168.1.12:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3086/cupsd
tcp 0 0 192.168.1.12:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3050/python
tcp 0 0 :::22 :::* LISTEN 3070/sshd
tcp 0 0 ::1:953 :::* LISTEN 2707/named
udp 0 0 192.168.1.12:53 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3103/xinetd
udp 0 0 0.0.0.0:35146 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2737/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3086/cupsd
udp 0 0 0.0.0.0:50298 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 :::39057 :::* 3329/avahi-daemon:
udp 0 0 :::58033 :::* 2707/named
udp 0 0 :::5353 :::* 3329/avahi-daemon:
