配置DNS服务
安装bind包
yum install bind bind-utils
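编辑主配置文件,更改如下参数。注意:listen-on 和 allow-query 设为 any 后,所有能访问到本机53端口的客户端都可以查询;后文 dig 输出中的 ra 标志说明本机同时提供递归解析,如果服务器可被外网访问,应使用 allow-recursion 将递归限制在本机和内网网段(例如 allow-recursion { localhost; 192.168.80.0/24; };,网段按实际环境填写),以免成为开放解析器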
vi /etc/named.conf
listen-on port 53 { any; };
allow-query { any; };
include "/etc/named.rfc1912.zones";
定义zone,正向和反向解析配置
vi /etc/named.rfc1912.zones
zone "localyum.com" IN {
type master;
file "localyum.com.zone";
allow-update { none; };
};
zone "71.80.168.192.in-addr.arpa" IN {
type master;
file "192.168.80.71.zone";
allow-update { none; };
};
定义正向解析文件
cd /var/named/
cp named.localhost localyum.com.zone
vi localyum.com.zone
$TTL 1D
$ORIGIN localyum.com.
@       IN SOA  ns.localyum.com. admin.localyum.com. (
                2017101401 ; serial
                1H         ; refresh
                10M        ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns
        MX 10   mail
ns      A       192.168.80.71
mail    A       192.168.80.71
www     A       192.168.80.71
定义反向解析文件
chown .named localyum.com.zone #把正向区域文件的属组改为named,否则named进程可能无法读取该文件
named-checkconf #检查配置文件
named-checkzone localyum.com /var/named/localyum.com.zone #检查域名配置
cp named.loopback 192.168.80.71.zone #文件名需与named.rfc1912.zones中file指定的名称一致
vi 192.168.80.71.zone
$TTL 1D
@       IN SOA  ns.localyum.com. admin.localyum.com. (
                001        ; serial
                1D         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      @
        A       192.168.80.71
        PTR     www.localyum.com.
        PTR     mail.localyum.com.
重载配置或重启dns服务,注意看日志是否报错
chown .named 192.168.80.71.zone
named-checkconf
rndc reload 或者 systemctl restart named
ss -tnl
先测试外网dns解析
more /etc/resolv.conf
ip route
host www.baidu.com
dig -t NS www.qq.com
dig -t NS . #是否能够解析互联网根dns服务器
添加本地dns地址
cd /etc/sysconfig/network-scripts/
vi ifcfg-eth1
DNS1=192.168.80.71
DNS2=192.168.80.2
systemctl restart network
more /etc/resolv.conf #显示如下
nameserver 192.168.80.71
nameserver 192.168.80.2
测试本地dns解析
ip route
host -t A www.localyum.com
dig -t A www.localyum.com @192.168.80.71
dig -t NS . @192.168.80.71
dig -t MX mail.localyum.com @192.168.80.71
dig -x 192.168.80.71 @192.168.80.71
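MX记录还是有问题!(很可能是因为区域文件中的 MX 记录定义在域名 localyum.com 上,而不是主机名 mail.localyum.com 上,所以应查询域名本身:dig -t MX localyum.com @192.168.80.71)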
解析结果:
[root@c1 named]# host -t A www.localyum.com
www.localyum.com has address 192.168.80.76
###正向解析
[root@c1 named]# dig -t A www.localyum.com @192.168.80.71
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t A www.localyum.com @192.168.80.71 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60945 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;www.localyum.com. IN A ;; ANSWER SECTION: www.localyum.com. 86400 IN A 192.168.80.76 ;; AUTHORITY SECTION: localyum.com. 86400 IN NS ns.localyum.com. ;; ADDITIONAL SECTION: ns.localyum.com. 86400 IN A 192.168.80.71 ;; Query time: 0 msec ;; SERVER: 192.168.80.71#53(192.168.80.71) ;; WHEN: Sun Oct 15 20:45:59 CST 2017 ;; MSG SIZE rcvd: 94
###反向解析
[root@c1 named]# dig -x 192.168.80.71 @192.168.80.71
; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -x 192.168.80.71 @192.168.80.71 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46195 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;71.80.168.192.in-addr.arpa. IN PTR ;; ANSWER SECTION: 71.80.168.192.in-addr.arpa. 86400 IN PTR mail.localyum.com. 71.80.168.192.in-addr.arpa. 86400 IN PTR www.localyum.com. ;; AUTHORITY SECTION: 71.80.168.192.in-addr.arpa. 86400 IN NS 71.80.168.192.in-addr.arpa. ;; ADDITIONAL SECTION: 71.80.168.192.in-addr.arpa. 86400 IN A 192.168.80.71 ;; Query time: 1 msec ;; SERVER: 192.168.80.71#53(192.168.80.71) ;; WHEN: Sun Oct 15 20:45:24 CST 2017 ;; MSG SIZE rcvd: 134
##########################
配置E-mail服务
安装软件包
yum install postfix dovecot cyrus-sasl-*
配置postfix
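vi /etc/postfix/main.cf #参考如下修改,有些参数是默认的不用改,最后的smtpd_sasl配置需手动添加。注意:mynetworks = 0.0.0.0/0 会把所有IPv4客户端都当作受信任网络,此配置下只靠 smtpd_recipient_restrictions 中排在 permit_mynetworks 之前的 reject_unauth_destination 阻止未认证客户端中继;正式环境应把 mynetworks 收窄到本机和内网网段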
grep "^[^#]" /etc/postfix/main.cf
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.localyum.com
mydomain = localyum.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
local_recipient_maps =
unknown_local_recipient_reject_code = 550
mynetworks = 0.0.0.0/0
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination,permit_mynetworks
smtpd_client_restrictions = permit_sasl_authenticated
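配置dovecot(注意:下面的 disable_plaintext_auth = no、auth_mechanisms = plain 和 ssl = no 会让系统账号的口令以明文经过网络,只适合隔离的测试环境;正式环境应启用 ssl 并保持 disable_plaintext_auth = yes)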
vi /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *, ::
vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain
!include auth-system.conf.ext
vi /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
namespace inbox {
first_valid_uid = 1000
mbox_write_locks = fcntl
vi /etc/dovecot/conf.d/10-ssl.conf
ssl = no
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
配置saslauthd认证(注意:PLAIN/LOGIN 机制本身不加密口令,上面的 main.cf 没有启用 TLS,SMTP 认证时口令同样以明文传输)
vi /etc/sysconfig/saslauthd
SOCKETDIR=/run/saslauthd
MECH=shadow
FLAGS=
vi /usr/lib64/sasl2/smtpd.conf #没有的话就创建该文件
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 3
启动服务
systemctl restart postfix dovecot saslauthd
systemctl status postfix dovecot saslauthd
ss -tnl
新建用户并测试收发邮件(redhat 仅为测试口令;这些是系统账号,而本机22端口的sshd也在监听,正式环境应使用强口令,纯邮件账号可用 useradd -s /sbin/nologin 创建以禁止shell登录)
more /etc/passwd
useradd usera
echo redhat | passwd --stdin usera
useradd userb
echo redhat | passwd --stdin userb
ll /home/usera/Maildir/
systemctl enable named postfix dovecot saslauthd
之后就可以通过Foxmail等邮件客户端登录互相收发邮件了,注意需要配置辅助dns为192.168.80.71,这样才能解析本地域名mail.localyum.com
主机端口监听情况如下:
[root@c1 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 100 *:110 *:* LISTEN 0 100 *:143 *:* LISTEN 0 10 192.168.80.71:53 *:* LISTEN 0 10 192.168.10.71:53 *:* LISTEN 0 10 127.0.0.1:53 *:* LISTEN 0 128 *:22 *:* LISTEN 0 100 *:25 *:* LISTEN 0 128 127.0.0.1:953 *:* LISTEN 0 100 :::110 :::* LISTEN 0 100 :::143 :::* LISTEN 0 10 ::1:53 :::* LISTEN 0 128 :::22 :::* LISTEN 0 100 :::25 :::* LISTEN 0 128 ::1:953 :::*
[root@c1 ~]# netstat -tnlp
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1042/dovecot tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 1042/dovecot tcp 0 0 192.168.80.71:53 0.0.0.0:* LISTEN 2233/named tcp 0 0 192.168.10.71:53 0.0.0.0:* LISTEN 2233/named tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 2233/named tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1023/sshd tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2233/named tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1169/master tcp6 0 0 :::110 :::* LISTEN 1042/dovecot tcp6 0 0 :::143 :::* LISTEN 1042/dovecot tcp6 0 0 ::1:53 :::* LISTEN 2233/named tcp6 0 0 :::22 :::* LISTEN 1023/sshd tcp6 0 0 ::1:953 :::* LISTEN 2233/named tcp6 0 0 :::25 :::* LISTEN 1169/master
本文出自 “rackie” 博客,请务必保留此出处http://rackie386.blog.51cto.com/11279229/1972618