
Linux Cloud Automation and Operations, Lesson 17

Date: 2017-04-22 15:49:49


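Unit 4: Configuring Email Transport

I. Basic Email Delivery

1. Email delivery

1) A server submits email to TCP port 25 using the SMTP protocol, or a local client submits it through the /usr/bin/sendmail program. If this MTA is the final destination, the message is passed to the MDA. Otherwise, the next MTA is looked up in DNS using the MX record, and the message is relayed to it using SMTP.

2) MDA: "Mail Delivery Agent". The MDA delivers mail to the recipient's local mail store (by default /var/spool/mail/user). Postfix provides its own MDA, /usr/libexec/postfix/local, which delivers to the default file-based local mail store.

3) Relay: a mail server (MTA) forwards a submitted message to another server for delivery.

4) Queue: failed delivery or relay attempts are queued and retried periodically by the MTA. (By default, Postfix does this once an hour.)

5) Reject: the message is rejected by the mail server during initial submission.

6) Bounce: after a remote server has accepted a message for delivery, the message is returned to the originating mail server and/or user.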


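a. Postfix is provided by the postfix RPM package and controlled through the postfix service script. It is a modular program made up of several cooperating programs, and its components are controlled by the master process.

b. The main Postfix configuration file is /etc/postfix/main.cf, which can be edited with a text editor or with the postconf command. The postconf command can also be used to show all current and default Postfix configuration settings, or to query them one at a time.

c. By default, Postfix listens only for incoming email from the local host. To reconfigure Postfix to receive mail for local delivery sent from remote hosts, set inet_interfaces = all in /etc/postfix/main.cf.

d. When troubleshooting email, a log of all mail-related operations is kept in /var/log/maillog, including information about failed and successful events. The mailq command (or postqueue -p) lists all outgoing mail that is queued. To retry delivery of all queued mail immediately, run the postfix flush command (or postqueue -f); otherwise, Postfix retries about once an hour until the message is accepted or expires.

2. Important Postfix configuration directives: all of the following directives can be found in /etc/postfix/main.cf.

1) myorigin

  Rewrites locally posted email so that it appears to come from this domain. This helps ensure that replies return to the inbound mail server.

  Default: myorigin = $myhostname

2) inet_interfaces

  Controls the network interfaces on which Postfix listens for incoming email. If set to loopback-only, it listens only on 127.0.0.1 and ::1; if set to all, it listens on all network interfaces. Specific addresses can also be given.

  Default: inet_interfaces = localhost

3) mydestination

  Email addressed to these domains is passed to the MDA for local delivery.

  Default: mydestination = $myhostname, localhost.$mydomain, localhost

4) mynetworks

  A comma-separated list of IP addresses and networks (in CIDR notation). These addresses and networks can relay through this MTA to any destination without further authentication.

  Default: mynetworks = 127.0.0.0/8

5) relayhost

  The host through which all outbound mail is relayed. It is usually given in square brackets to suppress the MX record lookup.

  Default: relayhost =

6) local_transport

  How mail addressed to $mydestination is delivered. By default it is set to local:$myhostname (the local MDA delivers incoming email to the local mail store in /var/spool/mail).

  Default: local_transport = local:$myhostname

7) postconf -d shows the default values.

8) postconf -n shows the settings that differ from the defaults.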

 

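II. Null Mail Client

 

In practice, most organizations no longer use a single mail server to handle all inbound and outbound email. Instead, for security reasons, mail servers are set up for specific roles so that each can be better tuned for the application it serves. Standard roles include:

1. Null client: a client machine that runs a local MTA so that all email can be forwarded to a central mail server for delivery. A null client does not accept any email for local delivery.

2. Inbound-only mail server: a mail server that handles all incoming email for users at the site and passes it to the MDA for delivery to the users' mail stores. In practice, an anti-spam server or appliance is usually placed in front of the inbound-only mail server to filter spam and forward only legitimate mail to it.

3. Outbound mail relay: an outbound mail relay (or "smarthost") receives all outbound mail and forwards it to its destination using MX records and the SMTP protocol.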
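As an added example (not code from the original page), the shell function below checks `postconf -n` style output against the null-client role, using the directives listed in section 2 (inet_interfaces, mynetworks, mydestination, relayhost, local_transport). Both sample configurations are constructed, and smtp.example.com and example.com are placeholder names.

```shell
#!/bin/sh
# Added example: audit `postconf -n` style output against the null-client role.
# On a real host: postconf -n | check_null_client

# Constructed sample: a null client. smtp.example.com and example.com are placeholders.
NULL_CLIENT_CONF='inet_interfaces = loopback-only
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = example.com
mydestination =
relayhost = [smtp.example.com]
local_transport = error:local delivery disabled'

# Constructed sample: a host that listens on every interface, delivers locally
# and lets a whole subnet relay, so it is not a null client.
LISTENING_CONF='inet_interfaces = all
mynetworks = 127.0.0.0/8, 172.25.254.0/24
myorigin = $mydomain
mydestination = $myhostname, $mydomain, localhost
relayhost ='

# Reads "name = value" lines on stdin, prints one FAIL line per violated
# invariant and returns non-zero if there is any. A parameter that is not set
# explicitly counts as a failure, because its default is not a null-client value.
check_null_client() {
    awk '
    function fail(name, why) { printf "FAIL %s: %s\n", name, why; bad++ }

    # True for 127.0.0.0/8 or narrower, and for the IPv6 loopback address.
    function is_loopback_net(t,   p) {
        if (t ~ /^\[?::1\]?(\/128)?$/) return 1
        if (t !~ /^127\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) return 0
        p = index(t, "/")
        return (p == 0 || substr(t, p + 1) + 0 >= 8)
    }

    # True when every comma or space separated item of value is loopback.
    function only_loopback(value, kind,   n, i, item) {
        n = split(value, item, /[ ,\t]+/)
        if (n == 0) return 0
        for (i = 1; i <= n; i++) {
            if (kind == "net" && !is_loopback_net(item[i])) return 0
            if (kind == "iface" && item[i] !~ /^(loopback-only|localhost|127\.0\.0\.1|::1|\[::1\])$/) return 0
        }
        return 1
    }

    /^[ \t]*#/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        sub(/^[ \t]+/, "", name);  sub(/[ \t]+$/, "", name)
        sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
        conf[name] = value
    }
    END {
        if (!("inet_interfaces" in conf) || !only_loopback(conf["inet_interfaces"], "iface"))
            fail("inet_interfaces", "must listen on loopback only")
        if (!("mynetworks" in conf) || !only_loopback(conf["mynetworks"], "net"))
            fail("mynetworks", "only loopback may relay without authentication")
        if (!("mydestination" in conf) || conf["mydestination"] != "")
            fail("mydestination", "must be set and empty so no domain is delivered locally")
        if (conf["relayhost"] == "")
            fail("relayhost", "must name the central mail server")
        if (conf["local_transport"] !~ /^error:/)
            fail("local_transport", "must be error:... so local delivery is refused")
        exit (bad > 0)
    }'
}

# Demo on the constructed samples.
printf '%s\n' "$LISTENING_CONF" | check_null_client || echo "LISTENING_CONF is not a null client"
printf '%s\n' "$NULL_CLIENT_CONF" | check_null_client && echo "NULL_CLIENT_CONF passes"
```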


 

III. Example

 

1. Setting up the base environment

# On mail-qq

[root@mail-qq ~]# yum install bind -y

[root@mail-qq ~]# vim /etc/named.conf    # allow all hosts to connect

#//      listen-on port 53 { 127.0.0.1; };

#//      listen-on-v6 port 53 { ::1; };

#        directory       "/var/named";

#        dump-file       "/var/named/data/cache_dump.db";

#        statistics-file "/var/named/data/named_stats.txt";

#        memstatistics-file "/var/named/data/named_mem_stats.txt";

#//      allow-query     { localhost; };

#        dnssec-enable yes;

#        dnssec-validation no;

#        dnssec-lookaside auto;

[root@mail-qq ~]# vim /etc/named.rfc1912.zones    # forward lookup zones

#zone "qq.com" IN {

#        type master;

#        file "qq.com.zone";

#        allow-update { none; };

#};

#zone "westos.com" IN {

#        type master;

#        file "westos.com.zone";

#        allow-update { none; };

#};

[root@mail-qq named]# cd /var/named/

[root@mail-qq named]# ls

data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves

[root@mail-qq named]# cp -p named.localhost qq.com.zone

[root@mail-qq named]# vim qq.com.zone

[root@mail-qq named]# cat qq.com.zone

$TTL 1D

@ IN SOA dns.qq.com. root.qq.com. (

        0 ; serial

        1D ; refresh

        1H ; retry

        1W ; expire

        3H ) ; minimum

        NS dns.qq.com.

dns A 172.25.254.142

qq.com. MX 1 172.25.254.142.

[root@mail-qq named]# cp -p qq.com.zone westos.com.zone

[root@mail-qq named]# vim westos.com.zone

[root@mail-qq named]# cat westos.com.zone

$TTL 1D

@ IN SOA dns.westos.com. root.westos.com. (

        0 ; serial

        1D ; refresh

        1H ; retry

        1W ; expire

        3H ) ; minimum

        NS dns.westos.com.

dns A 172.25.254.142

westos.com. MX 1 172.25.254.242.

[root@mail-qq named]# systemctl start named

[root@mail-qq named]# systemctl stop firewalld.service

[root@mail-qq named]# systemctl disable firewalld.service

rm '/etc/systemd/system/basic.target.wants/firewalld.service'

rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'

[root@mail-qq named]# vim /etc/resolv.conf

[root@mail-qq named]# cat /etc/resolv.conf

# Generated by NetworkManager

search qq.com

nameserver 172.25.254.142

[root@mail-qq named]# dig -t mx qq.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8303

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;qq.com. IN MX

 

;; ANSWER SECTION:

qq.com. 86400 IN MX 1 172.25.254.142.

 

;; AUTHORITY SECTION:

qq.com. 86400 IN NS dns.qq.com.

 

;; ADDITIONAL SECTION:

dns.qq.com. 86400 IN A 172.25.254.142

 

;; Query time: 0 msec

;; SERVER: 172.25.254.142#53(172.25.254.142)

;; WHEN: Thu Apr 20 21:59:10 EDT 2017

;; MSG SIZE  rcvd: 99

 

[root@mail-qq named]# dig -t mx westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57470

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;westos.com. IN MX

 

;; ANSWER SECTION:

westos.com. 86400 IN MX 1 172.25.254.242.

 

;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.142

 

;; Query time: 0 msec

;; SERVER: 172.25.254.142#53(172.25.254.142)

;; WHEN: Thu Apr 20 21:59:16 EDT 2017

;; MSG SIZE  rcvd: 103

 

 

 

 

 

 

# On mail-westos

[root@mail-westos ~]# systemctl stop firewalld.service

[root@mail-westos ~]# systemctl disable firewalld.service

rm '/etc/systemd/system/basic.target.wants/firewalld.service'

rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'

[root@mail-westos ~]# vim /etc/resolv.conf

[root@mail-westos ~]# cat /etc/resolv.conf

# Generated by NetworkManager

search westos.com

nameserver 172.25.254.142

[root@mail-westos ~]# dig -t mx qq.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx qq.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46511

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;qq.com. IN MX

 

;; ANSWER SECTION:

qq.com. 86400 IN MX 1 172.25.254.142.

 

;; AUTHORITY SECTION:

qq.com. 86400 IN NS dns.qq.com.

 

;; ADDITIONAL SECTION:

dns.qq.com. 86400 IN A 172.25.254.142

 

;; Query time: 1 msec

;; SERVER: 172.25.254.142#53(172.25.254.142)

;; WHEN: Thu Apr 20 21:57:54 EDT 2017

;; MSG SIZE  rcvd: 99

 

[root@mail-westos ~]# dig -t mx westos.com

 

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx westos.com

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21706

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:

;westos.com. IN MX

 

;; ANSWER SECTION:

westos.com. 86400 IN MX 1 172.25.254.242.

 

;; AUTHORITY SECTION:

westos.com. 86400 IN NS dns.westos.com.

 

;; ADDITIONAL SECTION:

dns.westos.com. 86400 IN A 172.25.254.142

 

;; Query time: 0 msec

;; SERVER: 172.25.254.142#53(172.25.254.142)

;; WHEN: Thu Apr 20 21:58:01 EDT 2017

;; MSG SIZE  rcvd: 103

 

[root@mail-westos ~]#

 

 

2. Sending and receiving mail

# On mail-qq

[root@mail-qq named]# >/var/log/maillog

[root@mail-qq named]# mail root@westos.com

Subject: aa

aa

.

EOT

[root@mail-qq named]# mailq

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------

DDCC017E876      416 Thu Apr 20 22:30:02  root@mail-qq.qq.com

            (connect to 172.25.254.242[172.25.254.242]:25: Connection refused)

                                         root@westos.com

 

-- 0 Kbytes in 1 Request.

[root@mail-qq named]# cat /var/log/maillog

Apr 20 22:30:02 mail-qq postfix/pickup[1380]: DDCC017E876: uid=0 from=<root>

Apr 20 22:30:02 mail-qq postfix/cleanup[30746]: DDCC017E876: message-id=<20170421023002.DDCC017E876@mail-qq.qq.com>

Apr 20 22:30:02 mail-qq postfix/qmgr[1381]: DDCC017E876: from=<root@mail-qq.qq.com>, size=416, nrcpt=1 (queue active)

Apr 20 22:30:02 mail-qq postfix/smtp[30748]: warning: numeric domain name in resource data of MX record for westos.com: 172.25.254.242

Apr 20 22:30:02 mail-qq postfix/smtp[30748]: connect to 172.25.254.242[172.25.254.242]:25: Connection refused

Apr 20 22:30:03 mail-qq postfix/smtp[30748]: DDCC017E876: to=<root@westos.com>, relay=none, delay=0.15, delays=0.13/0.02/0/0, dsn=4.4.1, status=deferred (connect to 172.25.254.242[172.25.254.242]:25: Connection refused)

[root@mail-qq named]# netstat -antlpe | grep master

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          24066      1379/master         

tcp6       0      0 ::1:25                  :::*                    LISTEN      0          24067      1379/master         

[root@mail-qq named]# vim /etc/postfix/main.cf

#116 inet_interfaces = all

[root@mail-qq named]# systemctl restart postfix.service

[root@mail-qq named]# netstat -antlpe | grep master

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          108540     30966/master        

tcp6       0      0 :::25                   :::*                    LISTEN      0          108541     30966/master        

[root@mail-qq named]# postqueue -f

[root@mail-qq named]# mailq

Mail queue is empty

[root@mail-qq named]# >/var/log/maillog

[root@mail-qq named]# vim /etc/postfix/main.cf

#164 mydestination = $myhostname, $mydomain, localhost

# 76 myhostname = mail-qq.qq.com

# 83 mydomain = qq.com

# 99 myorigin = $mydomain

[root@mail-qq named]# systemctl restart postfix.service

[root@mail-qq named]# mail root@westos.com

Subject: 233

233

.

EOT

[root@mail-qq named]# mailq

Mail queue is empty

 

[root@mail-qq named]# mail

Heirloom Mail version 12.5 7/5/10.  Type ? for help.

"/var/spool/mail/root": 2 messages 1 new

    1 user@localhost.local  Thu Apr 20 21:30 518/36184 "[abrt] full crash report"

>N  2 root                  Thu Apr 20 22:46  21/700   "33"

& 2

Message  2:

From root@westos.com  Thu Apr 20 22:46:44 2017

Return-Path: <root@westos.com>

X-Original-To: root@qq.com

Delivered-To: root@qq.com

Date: Thu, 20 Apr 2017 22:46:44 -0400

To: root@qq.com

Subject: 33

User-Agent: Heirloom mailx 12.5 7/5/10

Content-Type: text/plain; charset=us-ascii

From: root@westos.com (root)

Status: R

 

33

 

& q

Held 2 messages in /var/spool/mail/root

You have mail in /var/spool/mail/root

 

 

# On mail-westos

[root@mail-westos ~]# >/var/log/maillog

[root@mail-westos ~]# netstat -antlpe | grep master

tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          24357      1374/master         

tcp6       0      0 ::1:25                  :::*                    LISTEN      0          24358      1374/master          

[root@mail-westos ~]# vim /etc/postfix/main.cf

#116 inet_interfaces = all

[root@mail-westos ~]# systemctl restart postfix.service

[root@mail-westos ~]# netstat -antlpe | grep master

tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      0          108525     30540/master        

tcp6       0      0 :::25                   :::*                    LISTEN      0          108526     30540/master        

[root@mail-westos ~]# mailq

Mail queue is empty

[root@mail-westos ~]# mail

Heirloom Mail version 12.5 7/5/10.  Type ? for help.

"/var/spool/mail/root": 1 message 1 new

>N  1 user@localhost.local  Thu Apr 20 21:40 515/36032 "[abrt] full crash report"

& q

Held 1 message in /var/spool/mail/root

[root@mail-westos ~]# >/var/log/maillog

[root@mail-westos ~]# vim /etc/postfix/main.cf

#164 mydestination = $myhostname, $mydomain, localhost

# 76 myhostname = mail-westos.westos.com

# 83 mydomain = westos.com

# 99 myorigin = $mydomain

[root@mail-westos ~]# systemctl restart postfix.service

[root@mail-westos ~]# mailq

Mail queue is empty

[root@mail-westos ~]# mail

Heirloom Mail version 12.5 7/5/10.  Type ? for help.

"/var/spool/mail/root": 2 messages 1 new 2 unread

 U  1 user@localhost.local  Thu Apr 20 21:40 516/36042 "[abrt] full crash report"

>N  2 root                  Thu Apr 20 22:44  21/704   "233"

& 2

Message  2:

From root@qq.com  Thu Apr 20 22:44:34 2017

Return-Path: <root@qq.com>

X-Original-To: root@westos.com

Delivered-To: root@westos.com

Date: Thu, 20 Apr 2017 22:44:33 -0400

To: root@westos.com

Subject: 233

User-Agent: Heirloom mailx 12.5 7/5/10

Content-Type: text/plain; charset=us-ascii

From: root@qq.com (root)

Status: R

 

233

 

& q

Held 2 messages in /var/spool/mail/root

[root@mail-westos ~]# mail root@qq.com

Subject: 33

33

.

EOT

[root@mail-westos ~]# mailq

Mail queue is empty

[root@mail-westos ~]#

 

3. Sending mail remotely

[kiosk@foundation42 yum.repos.d]$ telnet 172.25.254.142 25

Trying 172.25.254.142...

Connected to 172.25.254.142.

Escape character is '^]'.

220 mail-qq.qq.com ESMTP Postfix

mail from:root@qq.com

250 2.1.0 Ok

rcpt to:root@westos.com

250 2.1.5 Ok

data

354 End data with <CR><LF>.<CR><LF>

aaaaaaaa

aaaaaaaaaaaaa

.

250 2.0.0 Ok: queued as 2069117E876

quit

221 2.0.0 Bye

Connection closed by foreign host.

[kiosk@foundation42 yum.repos.d]$

 

[root@mail-westos ~]# mail

Heirloom Mail version 12.5 7/5/10.  Type ? for help.

"/var/spool/mail/root": 3 messages 1 new 2 unread

 U  1 user@localhost.local  Thu Apr 20 21:40 516/36042 "[abrt] full crash report"

    2 root                  Thu Apr 20 22:44  22/715   "233"

>N  3 root@qq.com           Thu Apr 20 23:04  14/496   

& 3

Message  3:

From root@qq.com  Thu Apr 20 23:04:18 2017

Return-Path: <root@qq.com>

X-Original-To: root@westos.com

Delivered-To: root@westos.com

Status: R

 

aaaaaaaa

aaaaaaaaaaaaa

 

& q

Held 3 messages in /var/spool/mail/root

You have mail in /var/spool/mail/root

[root@mail-westos ~]#

 

 

4. Receiving mail remotely

###### Server with DNS configured ######

[root@mail-qq named]# mail student@westos.com    # send mail to the user student@westos.com

Subject: 2333

2333

.

EOT

[root@mail-qq named]# mailq    # the mail has been sent

Mail queue is empty

[root@mail-qq named]# mail

No mail for root

[root@mail-qq named]#

###### Client with dovecot ######

[root@mail-westos ~]# mail

No mail for root

[root@mail-westos ~]# mail -u student

Heirloom Mail version 12.5 7/5/10.  Type ? for help.

"/var/mail/student": 1 message 1 new

>N  1 root                  Thu Apr 20 23:23  21/718   "2333"

& 1

Message  1:

From root@qq.com  Thu Apr 20 23:23:45 2017

Return-Path: <root@qq.com>

X-Original-To: student@westos.com

Delivered-To: student@westos.com

Date: Thu, 20 Apr 2017 23:23:44 -0400

To: student@westos.com

Subject: 2333

User-Agent: Heirloom mailx 12.5 7/5/10

Content-Type: text/plain; charset=us-ascii

From: root@qq.com (root)

Status: R

 

2333

 

& q

Held 1 message in /var/mail/student

[root@mail-westos ~]# yum install dovecot -y   # install dovecot, used to retrieve mail; 993-imaps, 995-pop3s, 110-pop3, 143-imap

[root@mail-westos ~]# systemctl restart dovecot

[root@mail-westos ~]# netstat -antlpe | grep dovecot

tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      0          132321     31303/dovecot       

tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      0          132297     31303/dovecot       

tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      0          132295     31303/dovecot       

tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      0          132319     31303/dovecot       

tcp6       0      0 :::993                  :::*                    LISTEN      0          132322     31303/dovecot       

tcp6       0      0 :::995                  :::*                    LISTEN      0          132298     31303/dovecot       

tcp6       0      0 :::110                  :::*                    LISTEN      0          132296     31303/dovecot       

tcp6       0      0 :::143                  :::*                    LISTEN      0          132320     31303/dovecot       

[root@mail-westos ~]# >/var/log/maillog

 

[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242

 

[root@mail-westos ~]# cat /var/log/maillog

Apr 20 23:28:33 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31358, TLS, session=<KXkj2qRNEgCsGf4q>

Apr 20 23:28:33 mail-westos dovecot: pop3(student): Error: user student: Initialization failed: Namespace '': Mail storage autodetection failed with home=/home/student

Apr 20 23:28:33 mail-westos dovecot: pop3(student): Error: Invalid user settings. Refer to server log for more information.

Apr 20 23:28:39 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<Xb1/2qRNEwCsGf4q>

[root@mail-westos ~]# vim /etc/dovecot/dovecot.conf

# 24 protocols = imap pop3 lmtp

# 49 disable_plaintext_auth = no

[root@mail-westos ~]# vim /etc/dovecot/conf.d/10-mail.conf

# 30 mail_location = mbox:~/mail:INBOX=/var/mail/%u

[root@mail-westos ~]# systemctl restart dovecot.service

[root@mail-westos ~]# >/var/log/maillog

 

[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242

 

[root@mail-westos ~]# cat /var/log/maillog

Apr 20 23:31:47 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31489, TLS, session=<VzG15aRNFACsGf4q>

Apr 20 23:31:47 mail-westos dovecot: pop3(student): Error: chown(/home/student/mail/.imap, group=12(mail)) failed: Operation not permitted (egid=1000(student), group based on /var/mail/student - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)

Apr 20 23:31:47 mail-westos dovecot: pop3(student): Error: Couldn't open INBOX: Permission denied

Apr 20 23:31:47 mail-westos dovecot: pop3(student): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0

Apr 20 23:31:53 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<D50R5qRNFQCsGf4q>

[root@mail-westos ~]# su - student

[student@mail-westos ~]$ mkdir /home/student/mail/.imap

[student@mail-westos ~]$ exit

logout

[root@mail-westos ~]# >/var/log/maillog

 

[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242

 

[root@mail-westos ~]# cat /var/log/maillog

Apr 20 23:33:07 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31541, TLS, session=<OwF/6qRNGACsGf4q>

Apr 20 23:33:07 mail-westos dovecot: pop3(student): Error: chown(/home/student/mail/.imap/INBOX, group=12(mail)) failed: Operation not permitted (egid=1000(student), group based on /var/mail/student - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)

Apr 20 23:33:07 mail-westos dovecot: pop3(student): Error: Couldn't open INBOX: Permission denied

Apr 20 23:33:07 mail-westos dovecot: pop3(student): Couldn't open INBOX top=0/0, retr=0/0, del=0/0, size=0

Apr 20 23:33:13 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<E2Xb6qRNGQCsGf4q>

[root@mail-westos ~]# su - student

Last login: Thu Apr 20 23:32:12 EDT 2017 on pts/0

[student@mail-westos ~]$ touch /home/student/mail/.imap/INBOX

[student@mail-westos ~]$ exit

logout

[root@mail-westos ~]#

 

[kiosk@foundation42 ~]$ mutt -f pop://student@172.25.254.242

1 kept, 0 deleted.

 

5. Sending and receiving mail from a remote graphical client

###### Physical host: install the Thunderbird mail client ######

[root@foundation42 ~]# rpm -ivh /home/kiosk/Desktop/thunderbird-31.2.0-1.el7.x86_64.rpm

warning: /home/kiosk/Desktop/thunderbird-31.2.0-1.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY

Preparing...                          ################################# [100%]

Updating / installing...

   1:thunderbird-31.2.0-1.el7         ################################# [100%]

[root@foundation42 ~]# thunderbird

###### Client with dovecot ######

[root@mail-westos ~]# vim /etc/dovecot/dovecot.conf

# 48 login_trusted_networks = 0.0.0.0/0    # trust logins from all hosts

[root@mail-westos ~]# systemctl restart dovecot.service
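With disable_plaintext_auth = no and login_trusted_networks = 0.0.0.0/0, Dovecot accepts PLAIN logins from any address whether or not the session is encrypted, so the maillog becomes the place to see which passwords crossed the network in the clear. The following added example (not part of the original page) lists successful password logins from non-loopback addresses that carry no TLS flag, and counts the refused plaintext attempts per client; the first two sample lines are copied from the log output earlier on this page and the last two are constructed.

```shell
#!/bin/sh
# Added example: find password logins that crossed the network without TLS.
# On a real host: cleartext_logins < /var/log/maillog

# Lines 1-2 are copied from the log output shown earlier on this page.
# Lines 3-4 are constructed for this example (mpid and session values are made up).
SAMPLE_MAILLOG='Apr 20 23:33:07 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31541, TLS, session=<OwF/6qRNGACsGf4q>
Apr 20 23:33:13 mail-westos dovecot: pop3-login: Aborted login (tried to use disallowed plaintext auth): user=<>, rip=172.25.254.42, lip=172.25.254.242, session=<E2Xb6qRNGQCsGf4q>
Apr 20 23:40:02 mail-westos dovecot: pop3-login: Login: user=<student>, method=PLAIN, rip=172.25.254.42, lip=172.25.254.242, mpid=31602, secured, session=<constructed0001>
Apr 20 23:41:10 mail-westos dovecot: imap-login: Login: user=<student>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=31610, secured, session=<constructed0002>'

# Prints "remote-ip user" for every successful PLAIN or LOGIN authentication
# whose log line has no TLS flag and whose client is not the loopback address.
cleartext_logins() {
    awk '
    /dovecot: (pop3|imap)-login: Login: / && /method=(PLAIN|LOGIN),/ && !/, TLS,/ && !/, TLS$/ {
        rip = ""; user = ""
        if (match($0, /rip=[^, ]+/))   rip  = substr($0, RSTART + 4, RLENGTH - 4)
        if (match($0, /user=<[^>]*>/)) user = substr($0, RSTART + 6, RLENGTH - 7)
        if (rip == "127.0.0.1" || rip == "::1") next
        print rip, user
    }'
}

# Prints "remote-ip count" for clients whose plaintext authentication attempt
# was refused, which identifies mail clients that are not configured for TLS.
refused_plaintext() {
    awk '
    index($0, "Aborted login (tried to use disallowed plaintext auth)") && match($0, /rip=[^, ]+/) {
        count[substr($0, RSTART + 4, RLENGTH - 4)]++
    }
    END { for (ip in count) print ip, count[ip] }' | sort
}

# Demo on the sample lines.
printf '%s\n' "$SAMPLE_MAILLOG" | cleartext_logins
printf '%s\n' "$SAMPLE_MAILLOG" | refused_plaintext
```

The stricter configuration keeps disable_plaintext_auth = yes, which is Dovecot's default, and leaves login_trusted_networks limited to hosts that really are trusted.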

###### Server with DNS configured ######

[root@mail-qq named]# vim /etc/named.rfc1912.zones     # DNS forward lookup zone

# 37 zone "eastos.com" IN {

# 38         type master;

# 39         file "eastos.com.zone";

# 40         allow-update { none; };

# 41 };

[root@mail-qq named]# ls

data  dynamic  named.ca  named.empty  named.localhost  named.loopback  qq.com.zone  slaves  westos.com.zone

[root@mail-qq named]# cp -p westos.com.zone eastos.com.zone

[root@mail-qq named]# vim eastos.com.zone

[root@mail-qq named]# cat eastos.com.zone

$TTL 1D

@ IN SOA dns.eastos.com. root.eastos.com. (

        0 ; serial

        1D ; refresh

        1H ; retry

        1W ; expire

        3H ) ; minimum

        NS dns.eastos.com.

dns A 172.25.254.142

eastos.com. MX 1 172.25.254.116.

[root@mail-qq named]# systemctl restart named

 

6. Virtual accounts backed by a database

###### Create the email database and the emailuser virtual-user table ######

[root@mail-qq named]# yum install mariadb-server -y    # install MariaDB (MySQL)

[root@mail-qq named]# vim /etc/my.cnf

# 10 skip-networking=1    # skip the network port; not exposed externally

[root@mail-qq named]# systemctl restart mariadb

[root@mail-qq named]# mysql_secure_installation    # secure the MySQL installation

/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] y

 ... Success!

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

[root@mail-qq named]# yum install httpd php php-mysql -y    # install httpd, php and php-mysql

[root@mail-qq html]# lftp 172.25.254.250

lftp 172.25.254.250:~> cd pub/docs/software/

lftp 172.25.254.250:/pub/docs/software> ls

-rwxr-xr-x    1 1000     1000      3086326 Dec 25  2013 phpMyAdmin-2.11.3-all-languages.tar.bz2

-rwxr-xr-x    1 1000     1000      4548030 Dec 25  2013 phpMyAdmin-3.4.0-all-languages.tar.bz2

-rw-rw-r--    1 1000     1000      2713600 Jun 07  2015 taobao.tar

-rwxr-xr-x    1 1000     1000     52387876 Feb 01  2015 thunderbird-31.2.0-1.el7.x86_64.rpm

-rwxr-xr-x    1 1000     1000     36902724 Feb 01  2015 thunderbird-31.4.0.tar.bz2

lftp 172.25.254.250:/pub/docs/software> get phpMyAdmin-3.4.0-all-languages.tar.bz2

4548030 bytes transferred                                                 

lftp 172.25.254.250:/pub/docs/software> quit

[root@mail-qq html]# ls

phpMyAdmin-3.4.0-all-languages.tar.bz2

[root@mail-qq html]# tar jxf phpMyAdmin-3.4.0-all-languages.tar.bz2

[root@mail-qq html]# ls

phpMyAdmin-3.4.0-all-languages  phpMyAdmin-3.4.0-all-languages.tar.bz2

[root@mail-qq html]# rm -fr phpMyAdmin-3.4.0-all-languages.tar.bz2

[root@mail-qq html]# ls

phpMyAdmin-3.4.0-all-languages

[root@mail-qq html]# mv phpMyAdmin-3.4.0-all-languages/ mysqladmin

[root@mail-qq html]# ls

mysqladmin

[root@mail-qq html]# cd mysqladmin/

[root@mail-qq mysqladmin]# cp config.sample.inc.php config.inc.php

[root@mail-qq mysqladmin]# vim config.inc.php

# 17 $cfg['blowfish_secret'] = 'westos';

[root@mail-qq mysqladmin]# systemctl restart httpd

[root@mail-qq mysqladmin]# firefox

###### Grant privileges to the postfix user ######

[root@mail-qq mysqladmin]# mysql -uroot -pwestos

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 26

Server version: 5.5.35-MariaDB MariaDB Server

 

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE USER postfix@localhost identified by "postfix";

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT INSERT,SELECT,UPDATE ON email.* to postfix@localhost;

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> quit

Bye

[root@mail-qq mysqladmin]# firefox

###### Create the vmail user as the identity used by virtual users ######

[root@mail-qq mysqladmin]# cd

[root@mail-qq ~]# groupadd -g 888 vmail

[root@mail-qq ~]# useradd -g 888 -u 888 vmail

[root@mail-qq ~]# cd /home/vmail/

###### Create the Postfix files mailuser.cf, maildomain.cf and mailbox.cf, which look up the virtual user name, the domain and the maildir directory ######

[root@mail-qq vmail]# cd /etc/postfix/

[root@mail-qq postfix]# ls

access     generic        main.cf    relocated  virtual

canonical  header_checks  master.cf  transport

[root@mail-qq postfix]# vim mailuser.cf

[root@mail-qq postfix]# cat mailuser.cf

hosts = localhost

user = postfix

password = postfix

dbname = email

table = emailuser

select_field = username

where_field = username

[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailuser.cf

lee@westos.com

[root@mail-qq postfix]# postmap -q "loo@westos.com" mysql:/etc/postfix/mailuser.cf

[root@mail-qq postfix]# cp mailuser.cf maildomain.cf

[root@mail-qq postfix]# cp mailuser.cf mailbox.cf

[root@mail-qq postfix]# vim maildomain.cf

[root@mail-qq postfix]# cat maildomain.cf

hosts = localhost

user = postfix

password = postfix

dbname = email

table = emailuser

select_field = domain    # fixed: the column name in the data table

where_field = domain    # the domain to look up

[root@mail-qq postfix]# postmap -q "westos.com" mysql:/etc/postfix/maildomain.cf

westos.com

[root@mail-qq postfix]# postmap -q "qq.com" mysql:/etc/postfix/maildomain.cf

[root@mail-qq postfix]# vim mailbox.cf

[root@mail-qq postfix]# cat mailbox.cf

hosts = localhost

user = postfix

password = postfix

dbname = email

table = emailuser

select_field = maildir

where_field = username

[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailbox.cf

/var/spool/westos.com/lee/

[root@mail-qq postfix]# postmap -q "loo@westos.com" mysql:/etc/postfix/mailbox.cf

[root@mail-qq postfix]#
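The three map files above differ only in select_field and where_field. As an added example (not from the original page), the function map_query prints the SQL statement Postfix builds from that form of mysql map, and map_exposed reports whether a map file holding the database password is readable by every local user; both function names are introduced here, and the sample is the mailbox.cf shown above.

```shell
#!/bin/sh
# Added example: show the SQL behind a Postfix mysql: map and check who can
# read the file that holds the database password.

# Contents of mailbox.cf as shown on this page.
MAILBOX_CF='hosts = localhost
user = postfix
password = postfix
dbname = email
table = emailuser
select_field = maildir
where_field = username'

# Reads a map file on stdin and prints the statement Postfix derives from its
# select_field/table/where_field settings. %s stands for the escaped lookup
# key, for example lee@westos.com. Returns non-zero if a field is missing.
map_query() {
    awk '
    /^[ \t]*#/ { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        sub(/^[ \t]+/, "", name);  sub(/[ \t]+$/, "", name)
        sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
        m[name] = value
    }
    END {
        if (m["select_field"] == "" || m["table"] == "" || m["where_field"] == "") exit 1
        q = "SELECT " m["select_field"] " FROM " m["table"] " WHERE " m["where_field"] " = \047%s\047"
        if (m["additional_conditions"] != "") q = q " " m["additional_conditions"]
        print q
    }'
}

# Succeeds (exit 0) when FILE contains a password line and its mode lets
# "other" read it. A file created by root with the usual umask is mode 644.
# Typical fix: chgrp postfix FILE && chmod 640 FILE
map_exposed() {
    grep -q '^[[:space:]]*password[[:space:]]*=' "$1" || return 1
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Demo on the sample map.
printf '%s\n' "$MAILBOX_CF" | map_query
```

Every lookup is a SELECT, so the map account needs no more than the SELECT privilege on the email database.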

###### Sending mail with virtual users ######

[root@mail-qq postfix]# postconf -d | grep virtual

address_verify_virtual_transport = $virtual_transport

propagate_unmatched_extensions = canonical, virtual

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps

unknown_virtual_alias_reject_code = 550

unknown_virtual_mailbox_reject_code = 550

virtual_alias_domains = $virtual_alias_maps

virtual_alias_expansion_limit = 1000

virtual_alias_maps = $virtual_maps

virtual_alias_recursion_limit = 1000

virtual_delivery_slot_cost = $default_delivery_slot_cost

virtual_delivery_slot_discount = $default_delivery_slot_discount

virtual_delivery_slot_loan = $default_delivery_slot_loan

virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit

virtual_destination_concurrency_limit = $default_destination_concurrency_limit

virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback

virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback

virtual_destination_rate_delay = $default_destination_rate_delay

virtual_destination_recipient_limit = $default_destination_recipient_limit

virtual_extra_recipient_limit = $default_extra_recipient_limit

virtual_gid_maps =

virtual_initial_destination_concurrency = $initial_destination_concurrency

virtual_mailbox_base =

virtual_mailbox_domains = $virtual_mailbox_maps

virtual_mailbox_limit = 51200000

virtual_mailbox_lock = fcntl, dotlock

virtual_mailbox_maps =

virtual_minimum_delivery_slots = $default_minimum_delivery_slots

virtual_minimum_uid = 100

virtual_recipient_limit = $default_recipient_limit

virtual_recipient_refill_delay = $default_recipient_refill_delay

virtual_recipient_refill_limit = $default_recipient_refill_limit

virtual_transport = virtual

virtual_uid_maps =

[root@mail-qq postfix]# postconf -e "virtual_mailbox_base = /home/vmail"

[root@mail-qq postfix]# postconf -e "virtual_uid_maps = static:888"

[root@mail-qq postfix]# postconf -e "virtual_gid_maps = static:888"

[root@mail-qq postfix]# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mailuser.cf"

[root@mail-qq postfix]# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/maildomain.cf"

[root@mail-qq postfix]# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mailbox.cf"

[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailuser.cf

lee@westos.com

[root@mail-qq postfix]# postmap -q "lee@westos.com" mysql:/etc/postfix/mailbox.cf

/var/spool/westos.com/lee/

[root@mail-qq postfix]# postmap -q "westos.com" mysql:/etc/postfix/maildomain.cf

westos.com

[root@mail-qq postfix]# cd /home/vmail/

[root@mail-qq vmail]# ls

[root@mail-qq vmail]# mail lee@westos.com

Subject: 233333

23333333333333333333333

.

EOT

[root@mail-qq vmail]# ls

westos.com

[root@mail-qq vmail]# cd westos.com/

[root@mail-qq westos.com]# ls

lee

[root@mail-qq westos.com]# cd lee/

[root@mail-qq lee]# ls

cur  new  tmp

[root@mail-qq new]# cat Cmysql:/etc/postfix/maildomain.cf

cat: Cmysql:/etc/postfix/maildomain.cf: No such file or directory

[root@mail-qq new]# cd ..

[root@mail-qq lee]# cat new/1492763498.Vfd01I134975bM202916.mail-qq.qq.com

Return-Path: <root@qq.com>

X-Original-To: lee@westos.com

Delivered-To: lee@westos.com

Received: by mail-qq.qq.com (Postfix, from userid 0)

id 13A1B26D8BE; Fri, 21 Apr 2017 04:31:37 -0400 (EDT)

Date: Fri, 21 Apr 2017 04:31:37 -0400

To: lee@westos.com

Subject: 233333

User-Agent: Heirloom mailx 12.5 7/5/10

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 7bit

Message-Id: <20170421083138.13A1B26D8BE@mail-qq.qq.com>

From: root@qq.com (root)

 

23333333333333333333333

[root@mail-qq lee]# cd ..

[root@mail-qq westos.com]# cd ..

[root@mail-qq vmail]# ls

westos.com

[root@mail-qq vmail]# mail loo@163.com

Subject: 199999

1999999

.

EOT

[root@mail-qq vmail]# ls

163.com  westos.com

[root@mail-qq vmail]# cd 163.com/

[root@mail-qq 163.com]# ls

loo

[root@mail-qq 163.com]# cd loo/

[root@mail-qq loo]# ls

cur  new  tmp

[root@mail-qq loo]# cat new/1492763826.Vfd01I300e415M855100.mail-qq.qq.com

Return-Path: <root@qq.com>

X-Original-To: loo@163.com

Delivered-To: loo@163.com

Received: by mail-qq.qq.com (Postfix, from userid 0)

id BD6F63259; Fri, 21 Apr 2017 04:37:06 -0400 (EDT)

Date: Fri, 21 Apr 2017 04:37:06 -0400

To: loo@163.com

Subject: 199999

User-Agent: Heirloom mailx 12.5 7/5/10

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

Content-Transfer-Encoding: 7bit

Message-Id: <20170421083706.BD6F63259@mail-qq.qq.com>

From: root@qq.com (root)

 

1999999

[root@mail-qq loo]# 


Original article: http://www.cnblogs.com/Virgo-sept/p/6747742.html
