学无止尽 (Learning Never Ends)
Category: System Operations
2015-02-25 15:11:16
Install the system from the CentOS-6.4-x86_64-minimal.iso image to act as a DNS server and a mail server, with the IP addresses set to 192.168.1.100 and 192.168.1.21 respectively (both roles can also run on a single machine).
vi /etc/sysconfig/network-scripts/ifcfg-eth0
Change it to the following fields:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.21
NETMASK=255.255.255.0
GATEWAY=192.168.1.254
DNS1=192.168.1.100
1) Install bind on 192.168.1.100
yum -y install bind
2) Edit /etc/named.conf
vi /etc/named.conf
Change the following three lines; if they are left as-is, clients cannot resolve names through this server:
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
allow-query { localhost; };
Change them to the following, then save and exit:
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
allow-query { any; };
3) Edit /etc/named.rfc1912.zones
vi /etc/named.rfc1912.zones
Add the following so that queries for the cloud.edu.cn domain are answered from the cloud.edu.cn.zone file:
zone "cloud.edu.cn" IN {
type master;
file "cloud.edu.cn.zone";
allow-update { none; };
};
4) Create the cloud.edu.cn.zone file
vi /var/named/cloud.edu.cn.zone
Add the following, then save and exit
(mail sent to XXX@cloud.edu.cn is then routed to the pop.cloud.edu.cn server):
$TTL 86400
@ IN SOA cloud.edu.cn. root.cloud.edu.cn. (
        43 ; Serial(d.adams)
        3H ; Refresh
        15M ; Retry
        1w ; Expire
        1D ) ; Minimum
@ IN NS localhost.
cloud.edu.cn. IN MX 10 pop.cloud.edu.cn.
pop IN A 192.168.1.21
To avoid permission problems, it is best to set the file's group to named:
chown :named /var/named/cloud.edu.cn.zone
5) Start the DNS service
service named start
If startup stops with a Generating /etc/rndc.key error, the fix is to run the following command to generate the key:
rndc-confgen -r /dev/urandom -a
6) Adjust the firewall settings
vi /etc/sysconfig/iptables
Add two lines allowing ports 53 and 953 through the firewall:
-A INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
# the rndc control channel on 953 uses TCP, so the rule must match tcp
-A INPUT -m state --state NEW -m tcp -p tcp --dport 953 -j ACCEPT
Restart the firewall service:
service iptables restart
7) Install the mail services on 192.168.1.21
yum -y install postfix dovecot mailx
8) Configure the postfix service
vi /etc/postfix/main.cf
Change it to the following (adjust the host name and domain name to suit):
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = pop.cloud.edu.cn
mydomain = cloud.edu.cn
# Postfix keeps only the last value of a parameter that is set twice, so a
# second "myorigin = $myhostname" line would be silently overridden by this one
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 0.0.0.0/0
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit
broken_sasl_auth_clients = yes
service postfix restart
chkconfig postfix on
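With the main.cf above, mynetworks = 0.0.0.0/0 matches every client address, and permit_mynetworks is evaluated before reject_unauth_destination, so the reject never fires and any host can relay mail through this server. As an added example (not from the article and not Postfix's own tooling), the Python script below reads a main.cf the way Postfix does (a line starting with whitespace continues the previous value, a parameter given twice keeps its last value) and reports that exposure, then shows the same file passing once mynetworks is limited to 127.0.0.0/8 and the 192.168.1.0/24 LAN, a constructed value for this example; everyone else must then authenticate with the dovecot SASL setup from the same file. The two config excerpts are embedded so the script runs offline. On the server, postconf -n prints the effective non-default settings.

```python
"""Relay-exposure check for a Postfix main.cf.

Added example for this article; not Postfix's own tooling (use `postconf -n`
on the server). It reads main.cf the way Postfix does: '#' lines are comments,
a line starting with whitespace continues the previous value, and a parameter
given twice keeps its last value.
"""
import ipaddress

# Relay-relevant settings from the article's main.cf (constructed excerpt).
ARTICLE_CF = """\
myhostname = pop.cloud.edu.cn
mydomain = cloud.edu.cn
myorigin = $myhostname
myorigin = $mydomain
inet_interfaces = all
mynetworks = 0.0.0.0/0
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, permit
"""

# Same file with mynetworks limited to localhost and the 192.168.1.0/24 LAN
# (constructed for this example; every other client must authenticate to relay).
TIGHTENED_CF = ARTICLE_CF.replace(
    "mynetworks = 0.0.0.0/0", "mynetworks = 127.0.0.0/8, 192.168.1.0/24")


def parse_main_cf(text):
    """Return {parameter: value} using Postfix's continuation and override rules."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            params[last] += " " + raw.strip()   # continuation of the previous value
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()            # a repeated name overrides the earlier one
    return params


def expand(params, value):
    """Expand $parameter references, repeating until nothing changes (bounded)."""
    for _ in range(10):
        new = value
        for name, val in params.items():
            new = new.replace("$" + name, val)
        if new == value:
            break
        value = new
    return value


def _list(value):
    """Postfix lists may be separated by commas and/or whitespace."""
    return [t for t in value.replace(",", " ").split() if t]


def relay_exposure(text):
    """Return findings describing which clients may relay without authenticating."""
    p = parse_main_cf(text)
    findings = []
    restrictions = _list(p.get("smtpd_recipient_restrictions", ""))
    networks = _list(p.get("mynetworks", ""))
    if "reject_unauth_destination" not in restrictions:
        findings.append("no reject_unauth_destination: every client may relay")
        return findings
    reject_at = restrictions.index("reject_unauth_destination")
    if "permit_mynetworks" in restrictions and restrictions.index("permit_mynetworks") < reject_at:
        for net in networks:
            try:
                # a /0 prefix matches every address, so permit_mynetworks always wins
                if ipaddress.ip_network(net, strict=False).prefixlen == 0:
                    findings.append(
                        f"open relay: mynetworks contains {net}, so permit_mynetworks "
                        "matches every client before reject_unauth_destination")
            except ValueError:
                findings.append(f"mynetworks entry {net!r} is not a plain CIDR network")
    return findings


if __name__ == "__main__":
    for label, cf in (("article main.cf", ARTICLE_CF), ("tightened main.cf", TIGHTENED_CF)):
        print(label, "->", relay_exposure(cf) or "no relay exposure found")
```

The check is deliberately narrow: it only recognises the two ways this particular file can become an open relay (a /0 network ahead of reject_unauth_destination, or no reject_unauth_destination at all), which is exactly what a reviewer of the configuration above needs to confirm before the server is reachable from outside the LAN.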
9) Configure the dovecot service
vi /etc/dovecot/dovecot.conf
Uncomment the following two lines and change them to:
protocols = imap pop3
listen = *, ::
vi /etc/dovecot/conf.d/10-auth.conf
Configure the authentication method; change the following two lines to:
disable_plaintext_auth = no
auth_mechanisms = plain login
vi /etc/dovecot/conf.d/10-mail.conf
Configure the mailbox location; uncomment the following line and change it to:
mail_location = maildir:~/Maildir
vi /etc/dovecot/conf.d/10-master.conf
Configure the authentication socket for postfix; uncomment the following two lines and add two more, so the block reads:
unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}
vi /etc/dovecot/conf.d/20-pop3.conf
Configure POP3; uncomment the following two lines and change them to:
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
service dovecot restart
chkconfig dovecot on
10) Add test users
useradd admin
useradd aaa
echo 123456 | passwd --stdin admin
echo 123456 | passwd --stdin aaa
11) Configure the firewall
iptables -F
service iptables save
12) Use Foxmail to test whether the users can send and receive mail normally.