PDF下载：

文件: 搭建smtp_pop3服务器_sendmail_dovecot_实验笔记(第二次修改).pdf 大小: 375KB 下载: 下载

搭建smtp + pop3服务器实验笔记(sendmail + dovecot)

撰写者信息：

Alin Fang (Fang Yunlin)

MSN:

G Talk:

Blog: http://www.alinblog.cn/

修改日期：

12 Nov, 2008

第2次修改

版权：

GNU

声明：

本人实验笔记，非权威文档。如有错误请告知。十分感谢！

实验环境

fqdn: mail.apple.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.169.200.1/24

/etc/resolve.conf配置为

nameserver 192.168.200.1

fqdn: mail.orange.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.169.200.2/24

/etc/resolve.conf配置为

nameserver 192.168.200.1

fqdn: client1.apple.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.169.200.3/24

/etc/resolve.conf配置为

nameserver 192.168.200.1

fqdn: client1.orange.com

OS: Red Hat Enterprise Linux 5 update 2

network: 192.169.200.4/24

/etc/resolve.conf配置为

nameserver 192.168.200.1

目标

在mail.apple.com上搭建smtp服务器

在mail.orange.com上搭建smtp服务器

client1.apple.com通过mail.apple.com向mail.orange.com上的用户user1发送信件

client1.orange.com通过mail.orange.com向mail.apple.com上的用户user1发送信件

流程概述

1. 发信客户端把邮件交给发信服务器

2. 发信服务器通过查看/etc/mail/local-host-names判断邮件是否属于本域，如果是，则扣押下来以备对应的用户查阅，如果不是，则向DNS查询该邮件所属区域的MX记录，向该邮件服务器传递邮件。这个时候其实是发信服务器在向目标发送邮件，而不是发信客户端直接向目标发送邮件。

实验步骤

在mail.apple.com上操作

配置DNS

安装相关RPM包

[root@mail Server]# pwd

/misc/cd/Server

[root@mail Server]# rpm -ivh bind-9.3.4-6.P1.el5.i386.rpm bind-chroot-9.3.4-6.P1.el5.i386.rpm caching-nameserver-9.3.4-6.P1.el5.i386.rpm

warning: bind-9.3.4-6.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:bind ########################################### [ 33%]

2:bind-chroot ########################################### [ 67%]

3:caching-nameserver ########################################### [100%]

[root@mail Server]#

配置BIND

[root@mail Server]# cd /var/named/chroot/etc/

[root@mail etc]# mv named.caching-nameserver.conf named.conf

[root@mail etc]# mv named.rfc1912.zones named.zones

[root@mail etc]#

修改named.conf和named.zones配置

配置如下

named.conf:

acl "mynet" { 192.168.200.0/24; };

options {

listen-on port 53 { 127.0.0.1; mynet; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

query-source port 53;

query-source-v6 port 53;

allow-query { localhost; mynet; };

};

logging {

channel default_debug {

file "data/named.run";

severity dynamic;

};

};

view localhost_resolver {

match-clients { localhost; mynet; };

match-destinations { localhost; };

recursion yes;

include "/etc/named.zones";

};

named.zones:

zone "." IN {

type hint;

file "named.ca";

};

zone "localdomain" IN {

type master;

file "localdomain.zone";

allow-update { none; };

};

zone "apple.com" IN {

type master;

file "apple.com.zone";

allow-update { none; };

};

zone "orange.com" IN {

type master;

file "orange.com.zone";

allow-update { none; };

};

zone "200.168.192.in-addr.arpa" IN {

type master;

file "200.168.192.rzone";

allow-update { none; };

};

zone "localhost" IN {

type master;

file "localhost.zone";

allow-update { none; };

};

zone "0.0.127.in-addr.arpa" IN {

type master;

file "named.local";

allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {

type master;

file "named.ip6.local";

allow-update { none; };

};

zone "255.in-addr.arpa" IN {

type master;

file "named.broadcast";

allow-update { none; };

};

zone "0.in-addr.arpa" IN {

type master;

file "named.zero";

allow-update { none; };

};

配置zone的正解和反解

[root@mail etc]# cd ../var/named/

[root@mail named]# pwd

/var/named/chroot/var/named

[root@mail named]# ls

data localhost.zone named.ca named.local slaves

localdomain.zone named.broadcast named.ip6.local named.zero

[root@mail named]# cp localdomain.zone apple.com.zone

[root@mail named]# cp localdomain.zone orange.com.zone

[root@mail named]# cp named.local 200.168.192.rzone

[root@mail named]# ll

total 48

-rw-r----- 1 root root 426 Nov 11 22:05 200.168.192.rzone

-rw-r----- 1 root root 198 Nov 11 22:05 apple.com.zone

drwxrwx--- 2 named named 4096 Aug 26 2004 data

-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone

-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone

-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast

-rw-r----- 1 root named 1892 Feb 29 2008 named.ca

-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local

-rw-r----- 1 root named 426 Feb 29 2008 named.local

-rw-r----- 1 root named 427 Feb 29 2008 named.zero

-rw-r----- 1 root root 198 Nov 11 22:05 orange.com.zone

drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

[root@mail named]# chown root.named apple.com.zone orange.com.zone 200.168.192.rzone

[root@mail named]# ll

total 48

-rw-r----- 1 root named 426 Nov 11 22:05 200.168.192.rzone

-rw-r----- 1 root named 198 Nov 11 22:05 apple.com.zone

drwxrwx--- 2 named named 4096 Aug 26 2004 data

-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone

-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone

-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast

-rw-r----- 1 root named 1892 Feb 29 2008 named.ca

-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local

-rw-r----- 1 root named 426 Feb 29 2008 named.local

-rw-r----- 1 root named 427 Feb 29 2008 named.zero

-rw-r----- 1 root named 198 Nov 11 22:05 orange.com.zone

drwxrwx--- 2 named named 4096 Jul 27 2004 slaves

[root@mail named]#

修改apple.com.zone

这是我的apple.com.zone配置

$TTL 86400

@ IN SOA localhost root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS localhost

@ IN MX 5 mail

localhost IN A 127.0.0.1

mail IN A 192.168.200.1

client1 IN A 192.168.200.3

修改orange.com.zone

这是我的orange.com.zone配置

$TTL 86400

@ IN SOA localhost root (

42 ; serial (d. adams)

3H ; refresh

15M ; retry

1W ; expiry

1D ) ; minimum

IN NS localhost

@ IN MX 5 mail

localhost IN A 127.0.0.1

mail IN A 192.168.200.2

client1 IN A 192.168.200.4

修改200.168.192.rzone

这是我的200.168.192.rzone配置

$TTL 86400

@ IN SOA localhost. root.localhost. (

1997022700 ; Serial

28800 ; Refresh

14400 ; Retry

3600000 ; Expire

86400 ) ; Minimum

IN NS localhost.

1 IN PTR mail.apple.com.

2 IN PTR mail.orange.com.

3 IN PTR client1.apple.com.

4 IN PTR client1.orange.com.

启动DNS服务

[root@mail named]# service named restart

Stopping named: [ OK ]

Starting named: [ OK ]

[root@mail named]# chkconfig --level 35 named on

[root@mail named]#

修改/etc/resolv.conf，指定DNS服务器为自己

这个是我的/etc/resolv.conf配置

[root@mail named]# cat /etc/resolv.conf

nameserver 192.168.200.1

[root@mail named]#

测试DNS查询

[root@mail named]# nslookup -type=MX apple.com

Server: 192.168.200.1

Address: 192.168.200.1#53

apple.com mail exchanger = 5 mail.apple.com.

[root@mail named]# nslookup -type=MX orange.com

Server: 192.168.200.1

Address: 192.168.200.1#53

orange.com mail exchanger = 5 mail.orange.com.

[root@mail named]# nslookup mail.apple.com

Server: 192.168.200.1

Address: 192.168.200.1#53

Name: mail.apple.com

Address: 192.168.200.1

[root@mail named]# nslookup mail.orange.com

Server: 192.168.200.1

Address: 192.168.200.1#53

Name: mail.orange.com

Address: 192.168.200.2

[root@mail named]# nslookup 192.168.200.1

Server: 192.168.200.1

Address: 192.168.200.1#53

1.200.168.192.in-addr.arpa name = mail.apple.com.

[root@mail named]# nslookup 192.168.200.2

Server: 192.168.200.1

Address: 192.168.200.1#53

2.200.168.192.in-addr.arpa name = mail.orange.com.

[root@mail named]#

安装配置sendmail

[root@mail named]# rpm -q sendmail

sendmail-8.13.8-2.el5

[root@mail named]# rpm -q sendmail-cf

package sendmail-cf is not installed

[root@mail named]# cd /misc/cd/Server

[root@mail Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm

warning: sendmail-cf-8.13.8-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:sendmail-cf ########################################### [100%]

[root@mail Server]#

这里面提供了sendmail的配置以及工具。

修改sendmail.conf

允许sendmail监听所有主机的请求

把

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

改为

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

启用发信验证功能

把

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

改为

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

生成新的sendmail.cf

[root@mail mail]# m4 sendmail.mc > sendmail.cf

[root@mail mail]#

这里可以用service sendmail restart替代m4 sendmail.mc > sendmail.cf

因为/etc/init.d/sendmail脚本里面已经有了m4 sendmail.mc > sendmail.cf这一个操作了。

编辑/etc/mail/access

设置允许RELAY发信的域

这个是我的/etc/mail/access的配置

Connect:localhost.localdomain RELAY

Connect:localhost RELAY

Connect:127.0.0.1 RELAY

Connect:apple.com RELAY

重新生成access.db

[root@mail mail]# makemap hash access.db < access

确认access .db是否被更新

[root@mail mail]# strings access.db

RELAY

connect:localhost.localdomain

RELAY

connect:apple.com

RELAY

connect:127.0.0.1

RELAY

connect:localhost

[root@mail mail]#

配置/etc/mail/local-host-names

local-host-names指明哪些域的邮件的目的地就是本sendmail服务器要给保存下来。

这个是我的/etc/mail/local-host-names配置

apple.com

mail.apple.com

重启sendmail服务器重新加载配置

开启发信验证服务

[root@mail ~]# service saslauthd restart

Stopping saslauthd: [FAILED]

Starting saslauthd: [ OK ]

[root@mail ~]#

安装配置dovecot

安装dovecot

[root@mail Server]# rpm -vih dovecot-1.0.7-2.el5.i386.rpm mysql-5.0.45-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm perl-DBI-1.52-1.fc6.i386.rpm

warning: dovecot-1.0.7-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:perl-DBI ########################################### [ 25%]

2:mysql ########################################### [ 50%]

3:postgresql-libs ########################################### [ 75%]

4:dovecot ########################################### [100%]

[root@mail Server]#

配置dovecot

修改/etc/dovecot.conf

把

#protocols = imap imaps pop3 pop3s

改为

protocols = pop3

启动dovecot

[root@mail Server]# service dovecot restart

Stopping Dovecot Imap: [FAILED]

Starting Dovecot Imap: [ OK ]

[root@mail Server]# chkconfig --level 35 dovecot on

[root@mail Server]# netstat -ntpal | grep dovecot

tcp 0 0 :::110 :::* LISTEN 14013/dovecot

[root@mail Server]#

配置mail.orange.com

不用配置DNS，DNS指向192.168.200.1即可

安装与配置方法与mail.apple.com一模一样

为了不浪费版面，我只贴出操作方法和配置

安装配置sendmail

[root@mail cd]# cd Server/

[root@mail Server]# pwd

/misc/cd/Server

[root@mail Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm

warning: sendmail-cf-8.13.8-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:sendmail-cf ########################################### [100%]

[root@mail Server]# cd /etc/mail

修改/etc/mail/sendmail.conf

[root@mail mail]# vim sendmail.mc

把

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

改为

DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

启用发信验证功能

把

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

改为

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

编辑/etc/mail/access为

Connect:localhost.localdomain RELAY

Connect:localhost RELAY

Connect:127.0.0.1 RELAY

Connect:orange.com RELAY

编辑/etc/mail/local-host-names为

orange.com

mail.orange.com

使配置生效

[root@mail mail]# service sendmail restart

Shutting down sm-client: [ OK ]

Shutting down sendmail: [ OK ]

Starting sendmail: [ OK ]

Starting sm-client: [ OK ]

[root@mail mail]# strings access.db

RELAY

connect:localhost.localdomain

RELAY

connect:orange.com

RELAY

connect:127.0.0.1

RELAY

connect:localhost

[root@mail mail]# netstat -ntpal | grep sendmail

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3564/sendmail: acce

[root@mail mail]#

开启发信验证服务

[root@mail ~]# service saslauthd restart

Stopping saslauthd: [FAILED]

Starting saslauthd: [ OK ]

[root@mail ~]#

安装配置dovecot

安装dovecot

[root@mail Server]# rpm -vih dovecot-1.0.7-2.el5.i386.rpm mysql-5.0.45-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm perl-DBI-1.52-1.fc6.i386.rpm

warning: dovecot-1.0.7-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186

Preparing... ########################################### [100%]

1:perl-DBI ########################################### [ 25%]

2:mysql ########################################### [ 50%]

3:postgresql-libs ########################################### [ 75%]

4:dovecot ########################################### [100%]

[root@mail Server]#

配置dovecot

修改/etc/dovecot.conf

把

#protocols = imap imaps pop3 pop3s

改为

protocols = pop3

启动dovecot

[root@mail Server]# service dovecot restart

Stopping Dovecot Imap: [FAILED]

Starting Dovecot Imap: [ OK ]

[root@mail Server]# chkconfig --level 35 dovecot on

[root@mail Server]# netstat -ntpal | grep dovecot

tcp 0 0 :::110 :::* LISTEN 14013/dovecot

[root@mail Server]#

在mail.apple.com上操作

添加邮件用户user1

[root@mail mail]# useradd --shell /sbin/nologin user1

[root@mail mail]# passwd user1

Changing password for user user1.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@mail mail]#

在mail.orange.com上操作

添加邮件用户user1

[root@mail mail]# useradd --shell /sbin/nologin user1

[root@mail mail]# passwd user1

Changing password for user user1.

New UNIX password:

BAD PASSWORD: it is based on a dictionary word

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

[root@mail mail]#

测试

请按照实验环境设置好DNS！

在client1.apple.com上发信

在client1.orange.com上收信