
分类: LINUX

2008-11-11 16:07:49

PDF下载:
文件:搭建smtp_pop3服务器_sendmail_dovecot_实验笔记(第二次修改).pdf
大小:375KB
下载:下载


搭建smtp + pop3服务器实验笔记(sendmail + dovecot)





撰写者信息:

Alin Fang (Fang Yunlin)

MSN:

G Talk:

Blog: http://www.alinblog.cn/


修改日期:

12 Nov, 2008

2次修改



版权:

GNU


声明:

本人实验笔记,非权威文档。如有错误请告知。十分感谢!




实验环境

fqdn: mail.apple.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.168.200.1/24

/etc/resolv.conf配置为

nameserver 192.168.200.1


fqdn: mail.orange.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.168.200.2/24

/etc/resolv.conf配置为

nameserver 192.168.200.1


fqdn: client1.apple.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.168.200.3/24

/etc/resolv.conf配置为

nameserver 192.168.200.1


fqdn: client1.orange.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.168.200.4/24

/etc/resolv.conf配置为

nameserver 192.168.200.1



目标

mail.apple.com上搭建smtp服务器

mail.orange.com上搭建smtp服务器

client1.apple.com通过mail.apple.com向mail.orange.com上的用户user1发送信件

client1.orange.com通过mail.orange.com向mail.apple.com上的用户user1发送信件


流程概述




  1. 发信客户端把邮件交给发信服务器

  2. 发信服务器通过查看/etc/mail/local-host-names判断邮件是否属于本域:如果是,则保存在本机,等待对应的用户收取;如果不是,则向DNS查询收件域的MX记录,再把邮件传递给MX记录所指向的邮件服务器。这个时候其实是发信服务器在向目标发送邮件,而不是发信客户端直接向目标发送邮件。




实验步骤

mail.apple.com上操作

配置DNS

安装相关RPM(下面输出中的“NOKEY”警告表示系统尚未导入该签名密钥,rpm没有校验包的签名;可先用rpm --import导入发行商公钥,再安装)

[root@mail Server]# pwd

/misc/cd/Server

[root@mail Server]# rpm -ivh bind-9.3.4-6.P1.el5.i386.rpm bind-chroot-9.3.4-6.P1.el5.i386.rpm caching-nameserver-9.3.4-6.P1.el5.i386.rpm

warning: bind-9.3.4-6.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:bind ########################################### [ 33%]

2:bind-chroot ########################################### [ 67%]

3:caching-nameserver ########################################### [100%]

[root@mail Server]#


配置BIND

[root@mail Server]# cd /var/named/chroot/etc/

[root@mail etc]# mv named.caching-nameserver.conf named.conf

[root@mail etc]# mv named.rfc1912.zones named.zones

[root@mail etc]#


修改named.conf和named.zones配置

配置如下

named.conf:

// Address-match list for the lab network; reused below by listen-on,
// allow-query and match-clients.
acl "mynet" { 192.168.200.0/24; };


// Global server options.
options {

// Accept DNS on loopback and on local addresses that fall inside mynet.
listen-on port 53 { 127.0.0.1; mynet; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

// NOTE(review): the next two statements pin the source port of outgoing
// queries to 53. A fixed source port gives up source-port randomization,
// which makes forged answers (cache poisoning) easier to land; remove both
// lines unless a firewall rule really requires a fixed port.
query-source port 53;

query-source-v6 port 53;

// Only the server itself and hosts in mynet may send queries.
allow-query { localhost; mynet; };

};

// Debug output goes to data/named.run; the level follows the server's
// current debug level ("dynamic").
logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

// The only view: serves the server itself and mynet clients, with recursion
// enabled for them.
view localhost_resolver {

match-clients { localhost; mynet; };

// "localhost" is BIND's built-in ACL for the server's own addresses, so this
// matches queries sent to any address of this host (not only 127.0.0.1).
match-destinations { localhost; };

recursion yes;

// Zone definitions. bind-chroot is installed, so this path is presumably
// resolved inside the chroot (/var/named/chroot/etc/named.zones) - confirm.
include "/etc/named.zones";

};


named.zones:

zone "." IN {

type hint;

file "named.ca";

};


zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

// Forward zone for apple.com, loaded from apple.com.zone.
// allow-update { none; } refuses all dynamic DNS updates to the zone.
zone "apple.com" IN {

type master;

file "apple.com.zone";

allow-update { none; };

};


// Forward zone for orange.com; this same server is master for both mail
// domains used in the lab.
zone "orange.com" IN {

type master;

file "orange.com.zone";

allow-update { none; };

};


// Reverse (PTR) zone for 192.168.200.0/24, loaded from 200.168.192.rzone.
zone "200.168.192.in-addr.arpa" IN {

type master;

file "200.168.192.rzone";

allow-update { none; };

};


zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};


zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};


zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};


zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};


zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};



配置zone的正解和反解

[root@mail etc]# cd ../var/named/

[root@mail named]# pwd

/var/named/chroot/var/named

[root@mail named]# ls

data localhost.zone named.ca named.local slaves

localdomain.zone named.broadcast named.ip6.local named.zero

[root@mail named]# cp localdomain.zone apple.com.zone

[root@mail named]# cp localdomain.zone orange.com.zone

[root@mail named]# cp named.local 200.168.192.rzone

[root@mail named]# ll

total 48

-rw-r----- 1 root root 426 Nov 11 22:05 200.168.192.rzone

-rw-r----- 1 root root 198 Nov 11 22:05 apple.com.zone

drwxrwx--- 2 named named 4096 Aug 26 2004 data

-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone

-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone

-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast

-rw-r----- 1 root named 1892 Feb 29 2008 named.ca

-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local

-rw-r----- 1 root named 426 Feb 29 2008 named.local

-rw-r----- 1 root named 427 Feb 29 2008 named.zero

-rw-r----- 1 root root 198 Nov 11 22:05 orange.com.zone

drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

[root@mail named]# chown root.named apple.com.zone orange.com.zone 200.168.192.rzone

[root@mail named]# ll

total 48

-rw-r----- 1 root named 426 Nov 11 22:05 200.168.192.rzone

-rw-r----- 1 root named 198 Nov 11 22:05 apple.com.zone

drwxrwx--- 2 named named 4096 Aug 26 2004 data

-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone

-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone

-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast

-rw-r----- 1 root named 1892 Feb 29 2008 named.ca

-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local

-rw-r----- 1 root named 426 Feb 29 2008 named.local

-rw-r----- 1 root named 427 Feb 29 2008 named.zero

-rw-r----- 1 root named 198 Nov 11 22:05 orange.com.zone

drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

[root@mail named]#



修改apple.com.zone

这是我的apple.com.zone配置

$TTL 86400

@ IN SOA localhost root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS localhost

@ IN MX 5 mail

localhost IN A 127.0.0.1

mail IN A 192.168.200.1

client1 IN A 192.168.200.3


修改orange.com.zone

这是我的orange.com.zone配置

$TTL 86400

@ IN SOA localhost root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS localhost

@ IN MX 5 mail

localhost IN A 127.0.0.1

mail IN A 192.168.200.2

client1 IN A 192.168.200.4


修改200.168.192.rzone

这是我的200.168.192.rzone配置

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR mail.apple.com.

2 IN PTR mail.orange.com.

3 IN PTR client1.apple.com.

4 IN PTR client1.orange.com.



启动DNS服务

[root@mail named]# service named restart

Stopping named: [ OK ]

Starting named: [ OK ]

[root@mail named]# chkconfig --level 35 named on

[root@mail named]#



修改/etc/resolv.conf,指定DNS服务器为自己

这个是我的/etc/resolv.conf配置

[root@mail named]# cat /etc/resolv.conf

nameserver 192.168.200.1

[root@mail named]#


测试DNS查询

[root@mail named]# nslookup -type=MX apple.com

Server: 192.168.200.1

Address: 192.168.200.1#53


apple.com mail exchanger = 5 mail.apple.com.


[root@mail named]# nslookup -type=MX orange.com

Server: 192.168.200.1

Address: 192.168.200.1#53


orange.com mail exchanger = 5 mail.orange.com.


[root@mail named]# nslookup mail.apple.com

Server: 192.168.200.1

Address: 192.168.200.1#53


Name: mail.apple.com

Address: 192.168.200.1


[root@mail named]# nslookup mail.orange.com

Server: 192.168.200.1

Address: 192.168.200.1#53


Name: mail.orange.com

Address: 192.168.200.2


[root@mail named]# nslookup 192.168.200.1

Server: 192.168.200.1

Address: 192.168.200.1#53


1.200.168.192.in-addr.arpa name = mail.apple.com.


[root@mail named]# nslookup 192.168.200.2

Server: 192.168.200.1

Address: 192.168.200.1#53


2.200.168.192.in-addr.arpa name = mail.orange.com.


[root@mail named]#



安装配置sendmail

[root@mail named]# rpm -q sendmail

sendmail-8.13.8-2.el5

[root@mail named]# rpm -q sendmail-cf

package sendmail-cf is not installed

[root@mail named]# cd /misc/cd/Server

[root@mail Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm

warning: sendmail-cf-8.13.8-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:sendmail-cf ########################################### [100%]

[root@mail Server]#

这里面提供了sendmail的配置以及工具。


修改/etc/mail/sendmail.mc

允许sendmail接受来自其他主机的连接(默认只监听127.0.0.1;改为0.0.0.0后会在所有网络接口上监听25端口,此时哪些来源可以转发邮件由后面的/etc/mail/access决定)

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

改为

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl


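启用发信验证功能(SMTP AUTH)。注意:LOGIN和PLAIN机制传输的口令只经过base64编码,并没有加密;本实验没有配置TLS,口令在网络上可以被直接截获,正式环境应先启用STARTTLS再开放这两种机制。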

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

改为

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl


生成新的sendmail.cf

[root@mail mail]# m4 sendmail.mc > sendmail.cf

[root@mail mail]#

这里可以用service sendmail restart替代m4 sendmail.mc > sendmail.cf

因为/etc/init.d/sendmail脚本里面已经有了m4 sendmail.mc > sendmail.cf这一个操作了。


编辑/etc/mail/access

设置允许RELAY发信的域(Connect:条目按连接方的IP或主机名匹配;主机名来自对客户端IP的反向解析,所以依赖前面在200.168.192.rzone里配置的PTR记录)

这个是我的/etc/mail/access的配置

Connect:localhost.localdomain RELAY

Connect:localhost RELAY

Connect:127.0.0.1 RELAY

Connect:apple.com RELAY


重新生成access.db

[root@mail mail]# makemap hash access.db < access

确认access.db是否被更新

[root@mail mail]# strings access.db

RELAY

connect:localhost.localdomain

RELAY

connect:apple.com

RELAY

connect:127.0.0.1

RELAY

connect:localhost

[root@mail mail]#


配置/etc/mail/local-host-names

local-host-names列出本sendmail服务器视为本地的域:发往这些域的邮件以本机为最终目的地,由本机接收并保存下来。

这个是我的/etc/mail/local-host-names配置

apple.com

mail.apple.com


重启sendmail服务器重新加载配置

开启发信验证服务

[root@mail ~]# service saslauthd restart

Stopping saslauthd: [FAILED]

Starting saslauthd: [ OK ]

[root@mail ~]#


安装配置dovecot

安装dovecot

[root@mail Server]# rpm -vih dovecot-1.0.7-2.el5.i386.rpm mysql-5.0.45-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm perl-DBI-1.52-1.fc6.i386.rpm

warning: dovecot-1.0.7-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:perl-DBI ########################################### [ 25%]

2:mysql ########################################### [ 50%]

3:postgresql-libs ########################################### [ 75%]

4:dovecot ########################################### [100%]

[root@mail Server]#


配置dovecot

修改/etc/dovecot.conf(这里只启用明文的pop3,登录口令和邮件内容在网络上都不加密;正式环境应改用pop3s或启用TLS)

#protocols = imap imaps pop3 pop3s

改为

protocols = pop3

启动dovecot

[root@mail Server]# service dovecot restart

Stopping Dovecot Imap: [FAILED]

Starting Dovecot Imap: [ OK ]

[root@mail Server]# chkconfig --level 35 dovecot on

[root@mail Server]# netstat -ntpal | grep dovecot

tcp 0 0 :::110 :::* LISTEN 14013/dovecot

[root@mail Server]#



配置mail.orange.com

不用配置DNS,把DNS指向192.168.200.1即可

安装与配置方法与mail.apple.com一模一样

为了不浪费版面,我只贴出操作方法和配置

安装配置sendmail




[root@mail cd]# cd Server/

[root@mail Server]# pwd

/misc/cd/Server

[root@mail Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm

warning: sendmail-cf-8.13.8-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:sendmail-cf ########################################### [100%]

[root@mail Server]# cd /etc/mail

修改/etc/mail/sendmail.mc

[root@mail mail]# vim sendmail.mc


DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

改为

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl


启用发信验证功能

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

改为

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl



编辑/etc/mail/access


Connect:localhost.localdomain RELAY

Connect:localhost RELAY

Connect:127.0.0.1 RELAY

Connect:orange.com RELAY

编辑/etc/mail/local-host-names

orange.com

mail.orange.com

使配置生效

[root@mail mail]# service sendmail restart

Shutting down sm-client: [ OK ]

Shutting down sendmail: [ OK ]

Starting sendmail: [ OK ]

Starting sm-client: [ OK ]

[root@mail mail]# strings access.db

RELAY

connect:localhost.localdomain

RELAY

connect:orange.com

RELAY

connect:127.0.0.1

RELAY

connect:localhost

[root@mail mail]# netstat -ntpal | grep sendmail

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3564/sendmail: acce

[root@mail mail]#


开启发信验证服务

[root@mail ~]# service saslauthd restart

Stopping saslauthd: [FAILED]

Starting saslauthd: [ OK ]

[root@mail ~]#


安装配置dovecot

安装dovecot

[root@mail Server]# rpm -vih dovecot-1.0.7-2.el5.i386.rpm mysql-5.0.45-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm perl-DBI-1.52-1.fc6.i386.rpm

warning: dovecot-1.0.7-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:perl-DBI ########################################### [ 25%]

2:mysql ########################################### [ 50%]

3:postgresql-libs ########################################### [ 75%]

4:dovecot ########################################### [100%]

[root@mail Server]#


配置dovecot

修改/etc/dovecot.conf

#protocols = imap imaps pop3 pop3s

改为

protocols = pop3

启动dovecot

[root@mail Server]# service dovecot restart

Stopping Dovecot Imap: [FAILED]

Starting Dovecot Imap: [ OK ]

[root@mail Server]# chkconfig --level 35 dovecot on

[root@mail Server]# netstat -ntpal | grep dovecot

tcp 0 0 :::110 :::* LISTEN 14013/dovecot

[root@mail Server]#


mail.apple.com上操作

添加邮件用户user1

[root@mail mail]# useradd --shell /sbin/nologin user1

[root@mail mail]# passwd user1

Changing password for user user1.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@mail mail]#


mail.orange.com上操作

添加邮件用户user1

[root@mail mail]# useradd --shell /sbin/nologin user1

[root@mail mail]# passwd user1

Changing password for user user1.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@mail mail]#


测试

请按照实验环境设置好DNS

client1.apple.com上发信





client1.orange.com上收信




