标签:smtp
###SMTP ###
###实验环境搭建
desktop:172.25.254.118
hostname:maillinux.linux.com
dns-server:172.25.254.218
server:172.25.254.218
hostname:mailwestos.westos.com
dns-server:172.25.254.218
###软件的安装
[root@mailwestos ~]# yum install bind -y
###DNS的配置
server端:
[root@mailwestos ~]# vim /etc/resolv.conf
2 domain westos.com
3 search westos.com linux.com
4 nameserver 172.25.254.218
[root@mailwestos ~]# vim /etc/named.conf
11 // listen-on port 53 { 127.0.0.1; }; \
12 // listen-on-v6 port 53 { ::1; }; |-->这三行注释掉
17 // allow-query { localhost; }; /
32 dnssec-validation no; ##关闭dns安全认证
[root@mailwestos ~]# vim /etc/named.rfc1912.zones
25 zone "linux.com" IN {
26 type master;
27 file "linux.com.zone";
28 allow-update { none; };
29 };
30
31 zone "westos.com" IN {
32 type master;
33 file "westos.com.zone";
34 allow-update { none; };
35 };
[root@mailwestos ~]# cd /var/named/
[root@mailwestos named]# cp -p named.localhost westos.com.zone
[root@mailwestos named]# cp -p named.localhost linux.com.zone
[root@mailwestos named]# vim westos.com.zone
1 $TTL 1D
2 @ IN SOA dns.westos.com. root.westos.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.com.
9 dns A 172.25.254.218
10 westos.com. MX 1 172.25.254.218.
[root@mailwestos named]# vim linux.com.zone
1 $TTL 1D
2 @ IN SOA dns.linux.com root.linux.com. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.linux.com.
9 dns A 172.25.254.218
10 linux.com. MX 1 172.25.254.118.
##注意:两条MX记录分别对应两个不同的域名和主机ip
[root@mailwestos named]# systemctl start named ##启动服务
[root@mailwestos named]# firewall-cmd --permanent --add-service=dns ##防火墙允许dns服务
success
[root@mailwestos named]# firewall-cmd --reload ##重启防火墙后生效
success
desktop端:
[root@maillinux ~]# vim /etc/resolv.conf
domain linux.com
search linux.com westos.com
nameserver 172.25.254.218
测试:
server端:
[root@mailwestos named]# dig -t MX westos.com
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.218.
[root@mailwestos named]# dig -t MX linux.com
;; ANSWER SECTION:
linux.com. 86400 IN MX 1 172.25.254.118.
desktop端:
[root@maillinux ~]# dig -t MX westos.com
;; ANSWER SECTION:
westos.com. 86400 IN MX 1 172.25.254.218.
[root@maillinux ~]# dig -t MX linux.com
;; ANSWER SECTION:
linux.com. 86400 IN MX 1 172.25.254.118.
###SMTP服务基础配置
server端:
[root@mailwestos named]# netstat -antple | grep 25 ##查看SMTP服务的端口是否开启
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 25 51218 3223/named
tcp 0 0 172.25.254.219:53 0.0.0.0:* LISTEN 25 51215 3223/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 25 51213 3223/named
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 20925 1262/sshd
tcp 0 0 172.25.254.219:22 172.25.254.19:55336 ESTABLISHED 0 25114 1588/sshd: root@pts
tcp6 0 0 ::1:953 :::* LISTEN 25 51219 3223/named
tcp6 0 0 :::25 :::* LISTEN 0 21229 1386/master
tcp6 0 0 :::111 :::* LISTEN 0 20425 1276/rpcbind
##经查看并为开启SMTP服务的端口
[root@mailwestos named]# vim /etc/postfix/main.cf ##配置SMTP主配置文件
75 myhostname = mailwestos.westos.com ##设置自己的主机名
83 mydomain = westos.com ##设置自己的域名
99 myorigin = $mydomain ##设置源=(自己的域名)
113 inet_interfaces = all ##开放所有ip上的25端口
116 #inet_interfaces = localhost ##将这一行注释掉(否则会影响第113行)
164 mydestination = $myhostname, $mydomain, localhost ##只处理发给(自己的主机名|域名|localhost)的邮件
[root@mailwestos named]# systemctl restart postfix.service ##重启服务后生效
测试:
server端:
[root@mailwestos named]# mail root@westos.com ##server给自己发mail
Subject: 123
ewqe
dawd
dawd
.
EOT
[root@mailwestos named]# mail ##查看所有邮件
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 unread
>U 1 root Tue Nov 29 10:11 21/576 "123"
&
##发送成功。(此时是219主机给自己发mail,因为119主机上并未配置smtp,所以219现在无法给119发mail)
或:
[root@mailwestos ~]# mail -u root ##查看发给root的mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/root": 1 message 1 unread
>U 1 root Tue Nov 29 10:11 21/576
&
==================注意=======================
上面的测试是server发mail给server端,不需要关闭防火墙。
但server和desktop之间相互发送mail的时候,要将双方的防火墙关闭,否则会发送失败。
============================================
补充:
1.当mail发送失败时,会保存下来。
[root@mailwestos named]# mail root@linux.com ##发给linux.com,但linux.com并未配置smtp
Subject: tbr
qeqwdwwa
dawda
dawdaw
.
EOT
[root@mailwestos named]# mailq ##查看待寄mail的清单及其相关信息
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
D2ABE24620B 447 Tue Nov 29 10:21:22 root@westos.com
(connect to 172.25.254.119[172.25.254.119]:25: No route to host)
root@linux.com
-- 0 Kbytes in 1 Request.
[root@mailwestos named]# postqueue -p ##查看寄存队列内容
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
1830C246219 443 Fri Dec 2 02:25:05 root@westos.com
(Host or domain name not found. Name service error for name=linux.com type=MX: Host not found, try again)
root@linux.com
-- 0 Kbytes in 1 Request.
[root@mailwestos named]# postqueue -f ##将待寄存队列的mail再发送一遍
[root@mailwestos named]# postsuper -d D2ABE24620B ##删除发送失败的mail,‘D2ABE24620B为该条mail的标示
postsuper: D2ABE24620B: removed
postsuper: Deleted: 1 message
[root@mailwestos named]# postsuper -dALL ##删除队列的所有寄存mail
[root@mailwestos named]# postconf -d ##查看默认配置
[root@mailwestos named]# postconf -n ##查看当前的配置
[root@mailwestos named]# postconf -e "inet_interface=localhost"
[root@mailwestos named]# postconf -d | grep inet
inet_interfaces = all
inet_protocols = all
local_header_rewrite_clients = permit_inet_interfaces
[root@mailwestos named]# vim /etc/postfix/main.cf
[root@mailwestos named]# ll /usr/sbin/sendmail
lrwxrwxrwx. 1 root root 21 5月 6 2014 /usr/sbin/sendmail -> /etc/alternatives/mta
[root@mailwestos named]# ll /etc/alternatives/mta
lrwxrwxrwx. 1 root root 26 5月 6 2014 /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
#########4.主机之间发送mail##########
server端:
[root@mailwestos named]# systemctl stop firewalld.service ##关闭防火墙
[root@mailwestos named]# scp /etc/postfix/main.cf root@172.25.254.119:/etc/postfix/main.cf
desktop端:
[root@maillinux named]# vim /etc/postfix/main.cf ##配置SMTP主配置文件
:%s/westos/linux/g ##将全局的westos换为linux就ok了
[root@maillinux named]# systemctl restart postfix.service ##重启服务后生效
[root@mailwestos named]# systemctl stop firewalld.service ##关闭防火墙
测试:
desktop端--->server端
[root@maillinux ~]# mail root@westos.com
Subject: test1
dawdaw
dawda
wdaw
da
w
.
EOT
[root@mailwestos named]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Fri Dec 2 08:34 25/755
& 1
Message 1:
From root@linux.com Fri Dec 2 08:34:35 2016
Return-Path: <root@linux.com>
X-Original-To: root@westos.com
Delivered-To: root@westos.com
Date: Fri, 02 Dec 2016 08:33:45 -0500
To: root@westos.com
Subject: test1
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@linux.com (root)
Status: R
dawdaw
dawda
wdaw
da
w
&
server端--->server端:
[root@mailwestos named]# mail root@linux.com
Subject: test2
wqqdwq
dawdwfda
dawdaw
.
EOT
[root@maillinux ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Fri Dec 2 08:39 23/761
& 1
Message 1:
From 173209146@qq.com Fri Dec 2 08:39:06 2016
Return-Path: <173209146@qq.com>
X-Original-To: root@linux.com
Delivered-To: root@linux.com
Date: Fri, 02 Dec 2016 08:39:06 -0500
To: root@linux.com
Subject: test2
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: 173209146@qq.com (root)
Status: R
wqqdwq
dawdwfda
dawdaw
&
###虚拟邮件帐号
这个虚拟帐号名可以是系统中存在的帐号,也可以是不存在的。
正常情况下:
server端存在student用户,desktop给server的student用户发送邮件恶的情况如下:
[root@maillinux ~]# mail student@westos.com
Subject: test3
awdwqe
dwqdq
.
EOT
[root@mailwestos named]# mail -u student ##是student用户收到mail,而不是root
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/student": 1 message
> 1 root Tue Dec 6 01:43 23/805 "student"
&
修改了虚拟用户之后:
server端:
[root@mailwestos named]# vim /etc/aliases
97 admin: root
98 student: root
[root@mailwestos named]# postalias /etc/aliases ##加密(hash)生成db文件
[root@mailwestos named]# ll /etc/aliases*
-rw-r--r--. 1 root root 1576 12月 2 09:30 /etc/aliases
-rw-r--r--. 1 root root 12288 12月 2 09:08 /etc/aliases.db ##生成了该文件(系统最后读的是这个文件)
[root@mailwestos named]# systemctl restart postfix.service ##重启服务后生效
测试:
desktop端:
[root@maillinux ~]# mail admin@westos.com
Subject: test3
adwdq
dawdawd
dadawd
.
EOT
[root@maillinux ~]# mail student@westos.com
Subject: test4
qweqwd
dqwdzcfad
dawdawdwa
dqwdq
.
EOT
server端:
[root@mailwestos named]# mail -u root ##发给admin和student的mail其实是root接收了
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 1 unread
1 root Fri Dec 2 08:34 26/766
2 root Fri Dec 2 09:06 24/768 ##这个是admin(实际收件人为root)
>U 3 root Fri Dec 2 09:09 25/787 ##这个是student(实际收件人为root)
&
###邮件群发
server端:
[root@mailwestos named]# vim /etc/aliases
97 admin: root ##删除此行
98 student: root ##删除此行
99 more: :include:/etc/moreusers ##指定群发的用户文件
============或=============
99 more: admin,student
[root@mailwestos named]# postalias /etc/aliases ##重新生成db加密文件
[root@mailwestos named]# systemctl restart postfix.service ##重启服务后生效
[root@mailwestos named]# vim /etc/moreusers
1 admin
2 student
创建amdin和student用户:
[root@mailwestos named]# useradd admin
[root@mailwestos named]# useradd student
[root@mailwestos named]# id admin
uid=1001(admin) gid=1001(admin) groups=1001(admin)
[root@mailwestos named]# id student
uid=1000(student) gid=1000(student) groups=1000(student)
测试:
desktop端:
[root@maillinux ~]# mail more@westos.com
Subject: 123
adawdwq
dwadawd
dawdaw
.
EOT
server端:
[root@mailwestos named]# mail -u student
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/student": 2 messages 1 new
>N 2 root Tue Dec 6 02:02 25/912 "123"
[root@mailwestos named]# mail -u admin
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/mail/admin": 1 message 1 new
>N 1 root Tue Dec 6 02:02 25/910 "123"
##两个用户都收到了mail
###mail地址的别名
在desktop端:
[root@maillinux postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[root@maillinux postfix]# vim virtual
526900112@qq.com root@westos.com
[root@maillinux postfix]# postmap virtual ##生成virtual.db加密文件
[root@maillinux postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport virtual.db
[root@maillinux postfix]# postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" ##给/etc/postfix/main.cf主配置文件添加该条参数
[root@maillinux postfix]# systemctl restart postfix.service
测试:
desktop端:
[root@maillinux postfix]# mail 173209146@qq.com
Subject: hehe
dfqwf
qwfwwqfqwf
.
EOT
server端:
[root@mailwestos postfix]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 1 new
>N 1 root Tue Dec 6 03:05 22/753 "hehehe"
&
###出站地址伪装
[root@mailwestos named]# cd /etc/postfix/
[root@mailwestos postfix]# vim generic
240 root@westos.com 526900112@qq.com ##前面的是原本的域名,后面的是伪装的域名
[root@mailwestos postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[root@mailwestos postfix]# postmap generic ##生成generic.db加密文件
[root@mailwestos postfix]# ls
access generic.db master.cf virtual
canonical header_checks relocated
generic main.cf transport
[root@mailwestos postfix]# postconf -e "smtp_generic_maps = hash:/etc/postfix/generic" ##给/etc/postfix/main.cf主配置文件添加该条参数
[root@mailwestos postfix]# systemctl restart postfix.service
测试:
server端:
[root@mailwestos postfix]# mail root@linux.com
Subject: tbr
dada
w
.
EOT
desktop端:
[root@maillinux ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root Sun Nov 27 03:46 23/749 "tbr"
& 1
Message 1:
From 526900112@qq.com Sun Nov 27 03:46:51 2016
Return-Path: <173209146@qq.com>
X-Original-To: root@linux.com
Delivered-To: root@linux.com
Date: Sun, 27 Nov 2016 03:46:50 -0500
To: root@linux.com
Subject: tbr
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: 173209146@qq.com (root)
Status: R
qweqw
dada
w
&
###通过telnet远程登陆发送邮件
##真实主机上安装Telnet软件(真实主机ip:172.25.254.19)
[root@foundation18 Software]# yum install telnet -y
[root@foundation18 Software]# telnet 172.25.254.219 25 ##通过25端口连接
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
500 5.5.2 Error: bad syntax
ehlo hello ##显示如下,则登陆成功
250-mailwestos.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@linux.com ##mail由发送方
250 2.1.0 Ok
rcpt to:root@westos.com ##mail的接受方
250 2.1.5 Ok
data ##输入data之后下面写正文
354 End data with <CR><LF>.<CR><LF>
dada
dawdad
adad
.
250 2.0.0 Ok: queued as 4541524620D
quit ##退出
Connection closed by foreign host.
[root@foundation19 Software]#
###根据ip来拒绝smtp连接请求
##该配置会导致被拒绝的ip主机telnet上邮件服务器之后无法收发邮件(实际是拒绝了smtp连接请求)。注意不要和邮件服务器本地用户的在服务器端直接收发邮件的权限混淆。
[root@mailwestos ~]# cd /etc/postfix/
[root@mailwestos postfix]# vim access
477 172.25.254.18 REJECT ##此处填写拒绝的主机ip
[root@mailwestos postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[root@mailwestos postfix]# postmap access ##生成.db加密文件
[root@mailwestos postfix]# ls
access canonical header_checks master.cf transport
access.db generic main.cf relocated virtual
[root@mailwestos postfix]# postconf -d | grep client ##通过该命令查询关于mail-server的client的配置
broken_sasl_auth_clients = no
local_header_rewrite_clients = permit_inet_interfaces
parent_domain_matches_subdomains =
.
.
.
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions = ##应用这条命令
unknown_client_reject_code = 450
[root@mailwestos postfix]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
##将该条配置加到主配置文件中,注意这里面的access其实指的是access.db文件
[root@mailwestos postfix]# vim /etc/postfix/main.cf ##检查上条命令是否生效
680 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
##有此行表示生效了
[root@mailwestos postfix]# systemctl restart postfix.service ##重启服务生效
测试:
真实主机(172.25.254.18):
[root@foundation19 Desktop]# telnet 172.25.254.218 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
ehlo hello ##可以成功telnet到服务器端
250-mailwestos.westos.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:root@westos.com ##此时没有显示报错
250 2.1.0 Ok
rcpt to:root@linux.com ##此时会产生报错,因为client端ip被拒绝了
554 5.7.1 <unknown[172.25.254.18]>: Client host rejected: Access denied
###禁止邮件服务器本地的指定用户发送mail
##该配置会导致被远程登陆上邮件服务器无法使用指定的用户进行发件。注意不要和邮件服务器本地用户的在服务器端直接发邮件的权限混淆。
注意:在该实验之前先将上一个实验中的部分配置删除,否册影响实验
[root@mailwestos postfix]# vim /etc/postfix/main.cf
680 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
##删除该行
server端:
[root@mailwestos postfix]# vim sender ##这个文件在/etc/postfix/下没有,需要自己创建(可以自命名)
westos@westos.com REJECT ##这里要写用户+域名(此处禁止了server端的westos用户发送mail)
[root@mailwestos postfix]# postmap sender ##生成.db加密文件
[root@mailwestos postfix]# ls
access header_checks mysql-maildir.cf sender.db
access.db main.cf mysql-user.cf transport
canonical master.cf relocated virtual
generic mysql-domain.cf sender
[root@mailwestos postfix]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/posfix/sender"
##将该条配置加到主配置文件中,注意这里面的sender其实指的是sender.db文件
[root@mailwestos postfix]# vim /etc/postfix/main.cf ##检查上条命令是否生效
681 smtpd_sender_restrictions = check_sender_access hash: /etc/posfix/sender
##有此行表示生效了
[root@mailwestos postfix]# systemctl restart postfix.service ##重启服务生效
[root@mailwestos postfix]# useradd westos ##创建westos用户,作为测试用
[westos@mailwestos postfix]$ id westos
uid=1002(westos) gid=1002(westos) groups=1002(westos)
测试:
真实主机(172.25.254.18):
[root@foundation19 Desktop]# telnet 172.25.254.218 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
mail from:westos@westos.com ##注意;此处是用westos用户发送
250 2.1.0 Ok
rcpt to:root@linux.com ##无法发送,发送方的地址被拒绝
451 4.3.5 <westos@westos.com>: Sender address rejected: Access denied
============邮件服务器本地的westos用户还是可以发送的========
server端:
[root@mailwestos postfix]# su - westos
[westos@mailwestos ~]$ mail root@linux.com
Subject: tbr
adwdwq
dawdwad
fawdawd
.
EOT
desktop端:
[root@maillinux ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 westos@westos.com Sat Dec 3 06:00 23/754
& 1
###禁止指定用户接收mail
[root@mailwestos postfix]# vim recip ##这个文件在/etc/postfix/下没有,需要自己创建(可以自命名)
1 westos@westos.com REJECT
[root@mailwestos postfix]# postmap recip ##生成.db加密文件
[root@mailwestos postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
##将该条配置加到主配置文件中,注意这里面的sender其实指的是sender.db文件
[root@mailwestos postfix]# systemctl restart postfix.service ##重启服务后生效
测试:
真实主机(172.25.254.18)
[root@foundation19 Desktop]# telnet 172.25.254.218 25
Trying 172.25.254.218...
Connected to 172.25.254.218.
Escape character is ‘^]‘.
220 mailwestos.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:westos@westos.com
554 5.7.1 <westos@westos.com>: Recipient address rejected: Access denied
###dovecot与mail
server端:
[root@mailwestos ~]# yum install dovecot -y
[root@mailwestos ~]# cd /etc/dovecot/
[root@mailwestos dovecot]# ls
conf.d dovecot.conf
[root@mailwestos dovecot]# vim dovecot.conf
24 protocols = imap pop3 lmtp
46 # for authentication checks). disable_plaintext_auth is also ignored for
49 disable_plaintext_auth = no
[root@mailwestos dovecot]# cd conf.d/
[root@mailwestos conf.d]# vim 10-mail.conf
25 # mail_location = mbox:~/mail:INBOX=/var/mail/%u
30 mail_location = mbox:~/mail:INBOX=/var/mail/%u
[root@mailwestos conf.d]# systemctl start dovecot
[root@mailwestos conf.d]# netstat -antple| grep dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 59637 3274/doveco
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 59613 3274/doveco
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 59611 3274/doveco
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 59635 3274/doveco
tcp6 0 0 :::993 :::* LISTEN 0 59638 3274/doveco
tcp6 0 0 :::995 :::* LISTEN 0 59614 3274/doveco
tcp6 0 0 :::110 :::* LISTEN 0 59612 3274/doveco
tcp6 0 0 :::143 :::* LISTEN 0 59636 3274/doveco
本文出自 “12115084” 博客,请务必保留此出处http://12125084.blog.51cto.com/12115084/1880784
标签:smtp
原文地址:http://12125084.blog.51cto.com/12115084/1880784