搭建smtp + pop3服务器实验笔记(sendmail + dovecot)
Alin Fang (Fang Yunlin)
MSN:
G Talk:
Blog: http://www.alinblog.cn/
12 Nov, 2008
第2次修改
GNU
本人实验笔记,非权威文档。如有错误请告知。十分感谢!
fqdn: mail.apple.com
OS: Red Hat Enterprise Linux 5 update 2
network: 192.168.200.1/24
/etc/resolv.conf配置为
nameserver 192.168.200.1
fqdn: mail.orange.com
OS: Red Hat Enterprise Linux 5 update 2
network: 192.168.200.2/24
/etc/resolv.conf配置为
nameserver 192.168.200.1
fqdn: client1.apple.com
OS: Red Hat Enterprise Linux 5 update 2
network: 192.168.200.3/24
/etc/resolv.conf配置为
nameserver 192.168.200.1
fqdn: client1.orange.com
OS: Red Hat Enterprise Linux 5 update 2
network: 192.168.200.4/24
/etc/resolv.conf配置为
nameserver 192.168.200.1
在mail.apple.com上搭建smtp服务器
在mail.orange.com上搭建smtp服务器
client1.apple.com通过mail.apple.com向mail.orange.com上的用户user1发送信件
client1.orange.com通过mail.orange.com向mail.apple.com上的用户user1发送信件
发信客户端把邮件交给发信服务器
发信服务器通过查看/etc/mail/local-host-names判断邮件是否属于本域:如果是,则保存到本地邮箱,等待对应的用户通过POP3取走;如果不是,则先根据/etc/mail/access(或SMTP AUTH的验证结果)判断这个客户端是否被允许中继(RELAY),允许的话才向DNS查询收件域的MX记录,把邮件传递给该邮件服务器,不允许则直接拒绝,否则服务器就成了open relay。这个时候其实是发信服务器在向目标发送邮件,而不是发信客户端直接向目标发送邮件。
[root@mail Server]# pwd
/misc/cd/Server
[root@mail Server]# rpm -ivh bind-9.3.4-6.P1.el5.i386.rpm bind-chroot-9.3.4-6.P1.el5.i386.rpm caching-nameserver-9.3.4-6.P1.el5.i386.rpm
warning: bind-9.3.4-6.P1.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:bind ########################################### [ 33%]
2:bind-chroot ########################################### [ 67%]
3:caching-nameserver ########################################### [100%]
[root@mail Server]#
[root@mail Server]# cd /var/named/chroot/etc/
[root@mail etc]# mv named.caching-nameserver.conf named.conf
[root@mail etc]# mv named.rfc1912.zones named.zones
[root@mail etc]#
配置如下。(插一句:上面rpm输出的warning: ... Header V3 DSA signature: NOKEY表示系统里还没有导入Red Hat的GPG公钥,rpm实际上并没有校验这些软件包的签名。正式环境请先执行rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release再安装,后面sendmail-cf、dovecot的安装同样适用。另外光盘上的bind-9.3.4-6.P1早于2008年7月针对DNS缓存投毒(CVE-2008-1447)发布的errata,实验之外应先yum update bind再对外提供服务。)
named.conf:
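acl "mynet" { 192.168.200.0/24; };
options {
	// Listen on loopback plus whichever interface sits in the lab network.
	listen-on port 53 { 127.0.0.1; mynet; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	// The stock caching-nameserver template carried
	//   query-source port 53;
	//   query-source-v6 port 53;
	// at this point. Pinning every outgoing query to one source port
	// defeats the per-query source-port randomisation that is the fix
	// for DNS cache poisoning (CVE-2008-1447, RHSA-2008:0533 on RHEL 5).
	// The bind-9.3.4-6.P1 package from the install CD predates that
	// errata, so update bind as well. Both lines are removed here; named
	// then picks a random source port per query, so a firewall in front
	// of this host must allow UDP replies to unprivileged ports.
	// Only this host and the lab network may query the server at all.
	allow-query { localhost; mynet; };
};
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};
// Single view: lab clients get recursion plus the zones listed in
// /etc/named.zones (path is inside the chroot). The builtin "localhost"
// ACL matches every address configured on this host, not just 127.0.0.1,
// so queries sent to 192.168.200.1 also land in this view.
view localhost_resolver {
	match-clients { localhost; mynet; };
	match-destinations { localhost; };
	recursion yes;
	include "/etc/named.zones";
};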
named.zones:
// Zone list included into the localhost_resolver view by named.conf.
// File names are relative to "directory" (/var/named inside the chroot,
// i.e. /var/named/chroot/var/named on the host).
// Every master zone has allow-update { none; } so nobody can push
// dynamic updates into the lab zones.
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
// Lab forward zones: both apple.com and orange.com are served from this
// single server (every host in the lab uses 192.168.200.1 as resolver).
zone "apple.com" IN {
type master;
file "apple.com.zone";
allow-update { none; };
};
zone "orange.com" IN {
type master;
file "orange.com.zone";
allow-update { none; };
};
// Reverse zone for 192.168.200.0/24; sendmail uses these PTRs to name
// connecting clients, which matters for the access-db RELAY entries.
zone "200.168.192.in-addr.arpa" IN {
type master;
file "200.168.192.rzone";
allow-update { none; };
};
// Remaining zones are the RFC 1912 defaults shipped with the package.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
[root@mail etc]# cd ../var/named/
[root@mail named]# pwd
/var/named/chroot/var/named
[root@mail named]# ls
data localhost.zone named.ca named.local slaves
localdomain.zone named.broadcast named.ip6.local named.zero
[root@mail named]# cp localdomain.zone apple.com.zone
[root@mail named]# cp localdomain.zone orange.com.zone
[root@mail named]# cp named.local 200.168.192.rzone
[root@mail named]# ll
total 48
-rw-r----- 1 root root 426 Nov 11 22:05 200.168.192.rzone
-rw-r----- 1 root root 198 Nov 11 22:05 apple.com.zone
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone
-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone
-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast
-rw-r----- 1 root named 1892 Feb 29 2008 named.ca
-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local
-rw-r----- 1 root named 426 Feb 29 2008 named.local
-rw-r----- 1 root named 427 Feb 29 2008 named.zero
-rw-r----- 1 root root 198 Nov 11 22:05 orange.com.zone
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
[root@mail named]# chown root.named apple.com.zone orange.com.zone 200.168.192.rzone
[root@mail named]# ll
total 48
-rw-r----- 1 root named 426 Nov 11 22:05 200.168.192.rzone
-rw-r----- 1 root named 198 Nov 11 22:05 apple.com.zone
drwxrwx--- 2 named named 4096 Aug 26 2004 data
-rw-r----- 1 root named 198 Feb 29 2008 localdomain.zone
-rw-r----- 1 root named 195 Feb 29 2008 localhost.zone
-rw-r----- 1 root named 427 Feb 29 2008 named.broadcast
-rw-r----- 1 root named 1892 Feb 29 2008 named.ca
-rw-r----- 1 root named 424 Feb 29 2008 named.ip6.local
-rw-r----- 1 root named 426 Feb 29 2008 named.local
-rw-r----- 1 root named 427 Feb 29 2008 named.zero
-rw-r----- 1 root named 198 Nov 11 22:05 orange.com.zone
drwxrwx--- 2 named named 4096 Jul 27 2004 slaves
[root@mail named]#
这是我的apple.com.zone配置
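$TTL 86400
; Forward zone for apple.com, served by mail.apple.com (192.168.200.1),
; the only name server in this lab. The template this file was copied
; from (localdomain.zone) names "localhost" as SOA MNAME and NS; that
; resolves to 127.0.0.1, which is meaningless to every other host, so
; the real server is named here instead.
; NOTE: a record that continues the "@" owner (the NS line) must start
; with whitespace; an NS line at column 0 would define an owner "IN".
@               IN SOA  mail.apple.com. root.apple.com. (
                        43      ; serial (bumped after changing SOA/NS)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
                IN NS   mail.apple.com.
; Mail for apple.com goes to mail.apple.com (verified below with
; nslookup -type=MX apple.com).
@               IN MX   5 mail
localhost       IN A    127.0.0.1
mail            IN A    192.168.200.1
client1         IN A    192.168.200.3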
这是我的orange.com.zone配置
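$TTL 86400
; Forward zone for orange.com. It is hosted on the same server as
; apple.com, mail.apple.com (192.168.200.1): every machine in the lab,
; including the orange.com hosts, uses that address as its resolver, so
; it is named as SOA MNAME and NS instead of the copied "localhost"
; (127.0.0.1), which only the server itself could reach.
; NOTE: the NS line continues the "@" owner and must start with
; whitespace; at column 0 it would define an owner "IN".
@               IN SOA  mail.apple.com. root.orange.com. (
                        43      ; serial (bumped after changing SOA/NS)
                        3H      ; refresh
                        15M     ; retry
                        1W      ; expiry
                        1D )    ; minimum
                IN NS   mail.apple.com.
; Mail for orange.com goes to mail.orange.com (192.168.200.2).
@               IN MX   5 mail
localhost       IN A    127.0.0.1
mail            IN A    192.168.200.2
client1         IN A    192.168.200.4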
这是我的200.168.192.rzone配置
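$TTL 86400
; Reverse zone for 192.168.200.0/24, served by mail.apple.com.
; The copied template (named.local) named "localhost." as SOA MNAME/NS;
; the real server is used here instead. The NS line continues the "@"
; owner and must start with whitespace.
; sendmail derives the connecting client's host name from these PTRs
; (subject to forward confirmation), which is what the hostname-based
; RELAY entries in /etc/mail/access are matched against.
@       IN SOA  mail.apple.com. root.apple.com. (
                1997022701 ; Serial (bumped after changing SOA/NS)
                28800      ; Refresh
                14400      ; Retry
                3600000    ; Expire
                86400 )    ; Minimum
        IN NS   mail.apple.com.
1       IN PTR  mail.apple.com.
2       IN PTR  mail.orange.com.
3       IN PTR  client1.apple.com.
4       IN PTR  client1.orange.com.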
[root@mail named]# service named restart
Stopping named: [ OK ]
Starting named: [ OK ]
[root@mail named]# chkconfig --level 35 named on
[root@mail named]#
这个是我的/etc/resolv.conf配置
[root@mail named]# cat /etc/resolv.conf
nameserver 192.168.200.1
[root@mail named]#
[root@mail named]# nslookup -type=MX apple.com
Server: 192.168.200.1
Address: 192.168.200.1#53
apple.com mail exchanger = 5 mail.apple.com.
[root@mail named]# nslookup -type=MX orange.com
Server: 192.168.200.1
Address: 192.168.200.1#53
orange.com mail exchanger = 5 mail.orange.com.
[root@mail named]# nslookup mail.apple.com
Server: 192.168.200.1
Address: 192.168.200.1#53
Name: mail.apple.com
Address: 192.168.200.1
[root@mail named]# nslookup mail.orange.com
Server: 192.168.200.1
Address: 192.168.200.1#53
Name: mail.orange.com
Address: 192.168.200.2
[root@mail named]# nslookup 192.168.200.1
Server: 192.168.200.1
Address: 192.168.200.1#53
1.200.168.192.in-addr.arpa name = mail.apple.com.
[root@mail named]# nslookup 192.168.200.2
Server: 192.168.200.1
Address: 192.168.200.1#53
2.200.168.192.in-addr.arpa name = mail.orange.com.
[root@mail named]#
[root@mail named]# rpm -q sendmail
sendmail-8.13.8-2.el5
[root@mail named]# rpm -q sendmail-cf
package sendmail-cf is not installed
[root@mail named]# cd /misc/cd/Server
[root@mail Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm
warning: sendmail-cf-8.13.8-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:sendmail-cf ########################################### [100%]
[root@mail Server]#
这里面提供了sendmail的配置以及工具。
允许sendmail在所有网卡(0.0.0.0)上监听,而不是只监听127.0.0.1。注意:一旦对外监听,服务器是否替别人转发邮件就完全取决于下面的/etc/mail/access和SMTP AUTH配置,这两处配错就会变成open relay。
把
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
改为
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
启用发信验证功能(SMTP AUTH)。TRUST_AUTH_MECH表示用这些机制验证通过的用户允许中继,confAUTH_MECHANISMS表示对外公布的验证机制。注意:这里同时开启了LOGIN和PLAIN,而25端口上没有配置STARTTLS,用户名和口令会以明文(只是base64编码)在网络上传输;正式环境应配置TLS证书,并在confAUTH_OPTIONS里加上p(define(`confAUTH_OPTIONS', `A p')dnl),让PLAIN/LOGIN只在加密连接上提供。
把
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
改为
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
生成新的sendmail.cf
[root@mail mail]# m4 sendmail.mc > sendmail.cf
[root@mail mail]#
这里可以用service sendmail restart替代m4 sendmail.mc > sendmail.cf,因为/etc/init.d/sendmail脚本在启动前会执行make -C /etc/mail,自动把比sendmail.cf新的sendmail.mc重新生成为sendmail.cf(同时也会重建access.db等映射文件)。
设置允许RELAY发信的域
这个是我的/etc/mail/access的配置
# /etc/mail/access on mail.apple.com (build access.db with makemap below).
# "Connect:" entries decide which clients may relay mail for domains that
# are not in local-host-names; sendmail's default for anyone not listed
# is to refuse relaying.
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
# NOTE(review): a bare domain here is matched against the connecting
# client's reverse-DNS name, so it is only as trustworthy as the reverse
# zone (and its forward confirmation) that produced that name. In this
# lab the PTR for 192.168.200.3 is client1.apple.com, so client1 relays
# through this entry without ever using the SMTP AUTH enabled in
# sendmail.mc. Outside the lab prefer an address/network entry
# (e.g. "Connect:192.168.200.3 RELAY") or rely on AUTH alone.
Connect:apple.com RELAY
[root@mail mail]# makemap hash access.db < access
确认access.db是否被更新(strings只能粗略看到键和值,更准确的办法是用makemap -u hash access.db把映射导出来核对)
[root@mail mail]# strings access.db
RELAY
connect:localhost.localdomain
RELAY
connect:apple.com
RELAY
connect:127.0.0.1
RELAY
connect:localhost
[root@mail mail]#
local-host-names指明哪些域的邮件的目的地就是本sendmail服务器要给保存下来。
这个是我的/etc/mail/local-host-names配置
# /etc/mail/local-host-names on mail.apple.com: mail addressed to these
# domains is delivered into local mailboxes instead of being relayed.
apple.com
mail.apple.com
[root@mail ~]# service saslauthd restart
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
[root@mail ~]#
[root@mail Server]# rpm -vih dovecot-1.0.7-2.el5.i386.rpm mysql-5.0.45-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm perl-DBI-1.52-1.fc6.i386.rpm
warning: dovecot-1.0.7-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:perl-DBI ########################################### [ 25%]
2:mysql ########################################### [ 50%]
3:postgresql-libs ########################################### [ 75%]
4:dovecot ########################################### [100%]
[root@mail Server]#
修改/etc/dovecot.conf,只开启POP3。注意:110端口上的POP3是明文协议,用户口令同样会明文传输;Dovecot 1.0默认disable_plaintext_auth = yes,会拒绝来自非本机地址的明文登录,如果后面客户端收信时报认证失败,正确做法是改成protocols = pop3 pop3s并让客户端用995端口(或STLS),而不是把disable_plaintext_auth关掉。
把
#protocols = imap imaps pop3 pop3s
改为
protocols = pop3
[root@mail Server]# service dovecot restart
Stopping Dovecot Imap: [FAILED]
Starting Dovecot Imap: [ OK ]
[root@mail Server]# chkconfig --level 35 dovecot on
[root@mail Server]# netstat -ntpal | grep dovecot
tcp 0 0 :::110 :::* LISTEN 14013/dovecot
[root@mail Server]#
不用配置DNS,DNS指向192.168.200.1即可
安装与配置方法与mail.apple.com一模一样
为了不浪费版面,我只贴出操作方法和配置
[root@mail cd]# cd Server/
[root@mail Server]# pwd
/misc/cd/Server
[root@mail Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm
warning: sendmail-cf-8.13.8-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:sendmail-cf ########################################### [100%]
[root@mail Server]# cd /etc/mail
[root@mail mail]# vim sendmail.mc
把
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
改为
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
启用发信验证功能
把
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
改为
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
# /etc/mail/access on mail.orange.com (same layout as on mail.apple.com;
# rebuilt into access.db by "service sendmail restart" below).
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
# NOTE(review): matched on the client's reverse-DNS name; in this lab the
# PTR for 192.168.200.4 is client1.orange.com, so client1 relays without
# using SMTP AUTH. Outside the lab prefer an IP/network entry or AUTH.
Connect:orange.com RELAY
# /etc/mail/local-host-names on mail.orange.com: domains for which this
# host is the final destination.
orange.com
mail.orange.com
使配置生效
[root@mail mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@mail mail]# strings access.db
RELAY
connect:localhost.localdomain
RELAY
connect:orange.com
RELAY
connect:127.0.0.1
RELAY
connect:localhost
[root@mail mail]# netstat -ntpal | grep sendmail
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3564/sendmail: acce
[root@mail mail]#
[root@mail ~]# service saslauthd restart
Stopping saslauthd: [FAILED]
Starting saslauthd: [ OK ]
[root@mail ~]#
[root@mail Server]# rpm -vih dovecot-1.0.7-2.el5.i386.rpm mysql-5.0.45-7.el5.i386.rpm postgresql-libs-8.1.11-1.el5_1.1.i386.rpm perl-DBI-1.52-1.fc6.i386.rpm
warning: dovecot-1.0.7-2.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:perl-DBI ########################################### [ 25%]
2:mysql ########################################### [ 50%]
3:postgresql-libs ########################################### [ 75%]
4:dovecot ########################################### [100%]
[root@mail Server]#
修改/etc/dovecot.conf
把
#protocols = imap imaps pop3 pop3s
改为
protocols = pop3
[root@mail Server]# service dovecot restart
Stopping Dovecot Imap: [FAILED]
Starting Dovecot Imap: [ OK ]
[root@mail Server]# chkconfig --level 35 dovecot on
[root@mail Server]# netstat -ntpal | grep dovecot
tcp 0 0 :::110 :::* LISTEN 14013/dovecot
[root@mail Server]#
添加邮件用户user1(mail.apple.com和mail.orange.com上都要添加;--shell /sbin/nologin让这个账号只能收发邮件、不能登录shell)。注意下面的BAD PASSWORD提示:root替别人设口令时pam只警告不拦截,而这个口令同时就是SMTP AUTH和POP3的口令,实验之外务必使用强口令。
[root@mail mail]# useradd --shell /sbin/nologin user1
[root@mail mail]# passwd user1
Changing password for user user1.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail mail]#
添加邮件用户user1
[root@mail mail]# useradd --shell /sbin/nologin user1
[root@mail mail]# passwd user1
Changing password for user user1.
New UNIX password:
BAD PASSWORD: it is based on a dictionary word
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail mail]#
请按照实验环境设置好DNS!
在client1.apple.com上发信
在client1.orange.com上收信