一、dns的配置:
我的配置如下所示:
[root@server2 named]# cat rhel5.com.cn.zone
$TTL 86400
@ IN SOA ns1.rhel5.com.cn. root (
2009032909 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
$TTL 86400
@ IN SOA ns1.rhel5.com.cn. root (
2009032909 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS ns1.rhel5.com.cn.
IN MX 10 mail.rhel5.com.cn.
ns1 IN A 192.168.1.12
www IN A 192.168.1.12
mail IN A 192.168.1.12
ftp IN A 192.168.1.12
proxy IN A 192.168.1.12
IN MX 10 mail.rhel5.com.cn.
ns1 IN A 192.168.1.12
www IN A 192.168.1.12
mail IN A 192.168.1.12
ftp IN A 192.168.1.12
proxy IN A 192.168.1.12
[root@server2 named]# cat 192.168.1.zone
$TTL 86400
@ IN SOA ns1.rhel5.com. root (
2009032907 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.rhel5.com.
11 IN PTR ns1.rhel5.com.
IN PTR [url]www.rhel5.com.[/url]
IN PTR mail.rhel5.com.
IN PTR ftp.rhel5.com.
IN PTR server1.rhel5.com.
IN PTR proxy.rhel5.com.
12 IN PTR ns1.rhel5.com.cn.
IN PTR server2.rhel5.com.
IN PTR [url]www.rhel5.com.cn.[/url]
IN PTR mail.rhel5.com.cn.
IN PTR ftp.rhel5.com.cn.
IN PTR proxy.rhel5.com.cn.
13 IN PTR server3.rhel5.com.
@ IN SOA ns1.rhel5.com. root (
2009032907 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS ns1.rhel5.com.
11 IN PTR ns1.rhel5.com.
IN PTR [url]www.rhel5.com.[/url]
IN PTR mail.rhel5.com.
IN PTR ftp.rhel5.com.
IN PTR server1.rhel5.com.
IN PTR proxy.rhel5.com.
12 IN PTR ns1.rhel5.com.cn.
IN PTR server2.rhel5.com.
IN PTR [url]www.rhel5.com.cn.[/url]
IN PTR mail.rhel5.com.cn.
IN PTR ftp.rhel5.com.cn.
IN PTR proxy.rhel5.com.cn.
13 IN PTR server3.rhel5.com.
二、sendmail相关软件包安装:
sendmail-8.13.8-2.el5.i386.rpm
sendmail-devel-8.13.8-2.el5.i386.rpm
sendmail-cf-8.13.8-2.el5.i386.rpm
sendmail-doc-8.13.8-2.el5.i386.rpm
m4-1.4.5-3.el5.1.i386.rpm
dovecot-1.0.7-7.el5.i386.rpm
建议用yum安装,可以自动解决依赖问题。
sendmail的配置文件主要存在与/etc/mail目录下:
[root@server2 mail]# ls
access domaintable.db mailertable sendmail.cf submit.cf trusted-users
access.db helpfile mailertable.db sendmail.mc submit.cf.bak virtusertable
domaintable local-host-names Makefile spamassassin submit.mc virtusertable.db
access domaintable.db mailertable sendmail.cf submit.cf trusted-users
access.db helpfile mailertable.db sendmail.mc submit.cf.bak virtusertable
domaintable local-host-names Makefile spamassassin submit.mc virtusertable.db
三个名词解释:
MUA:邮件用户代理(Mail User Agent)
MTA:邮件传输代理(Mail Transfer Agent)
MDA:邮件递送代理(Mail Delivery Agent)
三、配置sendmail:
主要步骤:
(1)配置sendmail.mc文件
[root@server2 mail]# vi sendmail.mc
设置SMTP的用户认证,找到以下两行,取消前面的注释,如下所示:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
找到下行,将smtp侦听范围127.0.0.1改为0.0.0.0
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
修改域,找到LOCAL_DOMAIN(`localhost.localdomain')dnl此行,将其改为LOCAL_DOMAIN(`rhel5.com.cn')dnl
(2)使用m4工具将sendmail.mc文件导入sendmail.cf文件
[root@server2 mail]# m4 sendmail.mc >sendmail.cf
(3)配置local-host-names文件
[root@server2 mail]# vi local-host-names
# local-host-names - include all aliases for your machine here.
rhel5.com.cn
mail.rhel5.com.cn
rhel5.com.cn
mail.rhel5.com.cn
(4)建立用户帐号
[root@server2 mail]# for user in student1 student2;do useradd -g 500 -G student -d /home/$user -s /bin/bash $user;echo redhat|passwd --stdin $user;done;
useradd: user student1 exists
Changing password for user student1.
passwd: all authentication tokens updated successfully.
useradd: user student2 exists
Changing password for user student2.
passwd: all authentication tokens updated successfully.
[root@server2 mail]# ls /home/
student student1 student2
useradd: user student1 exists
Changing password for user student1.
passwd: all authentication tokens updated successfully.
useradd: user student2 exists
Changing password for user student2.
passwd: all authentication tokens updated successfully.
[root@server2 mail]# ls /home/
student student1 student2
群发邮件设置:
编辑/etc/alias文件,aliases文件语法格式:
别名:真实名1,真实名2
student1: user1,user2
student2: user3,user4
student2: user3,user4
使用newaliases命令生成aliases.db数据库文件:
[root@server2 mail]# newaliases
/etc/aliases: 78 aliases, longest 11 bytes, 803 bytes total
/etc/aliases: 78 aliases, longest 11 bytes, 803 bytes total
(5) 配置访问控制的access文件:
[root@server2 mail]# vi access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.1 RELAY
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.1 RELAY
生成access数据库文件:
[root@server2 mail]# makemap hash access.db <access
(6),配置dovecot:
默认情况下,/etc/dovecot.conf文件是不用修改的就可以使用。
(6)重新启动服务使配置生效
[root@server2 mail]# service saslauthd start
Starting saslauthd: [ OK ]
[root@server2 mail]# service dovecot start
Starting Dovecot Imap: [ OK ]
Starting saslauthd: [ OK ]
[root@server2 mail]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
检查是否成功启动:
[root@server2 mail]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3770/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::993 :::* LISTEN 3708/dovecot
tcp 0 0 :::995 :::* LISTEN 3708/dovecot
tcp 0 0 :::110 :::* LISTEN 3708/dovecot
tcp 0 0 :::143 :::* LISTEN 3708/dovecot
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3770/sendmail: acce
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::993 :::* LISTEN 3708/dovecot
tcp 0 0 :::995 :::* LISTEN 3708/dovecot
tcp 0 0 :::110 :::* LISTEN 3708/dovecot
tcp 0 0 :::143 :::* LISTEN 3708/dovecot
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
防火墙配置:
[root@server2 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dport 25,110,143,993,995 -j ACCEPT
993对应的是imaps,995对应的是pop3s。这个在后面说。
windows上测试:
C:\>telnet mail.rhel5.com.cn 25
220 server2.rhel5.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 31 Mar 2009 22:12:16 +0
800
ehlo hello
250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
800
ehlo hello
250-server2.rhel5.com Hello xzxj [192.168.1.156], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
C:\>telnet mail.rhel5.com.cn 110
+OK Dovecot ready.
C:\>telnet mail.rhel5.com.cn 143
* OK Dovecot ready.
全部都测试成功。
(7) 配置基于ssl的sendmail.
首先配置dovecot的ssl加密:
进到/etc/pki/dovecot目录,修改下dovecot-openssl.cnf此文件,我修改后的文件如下:
[root@server2 dovecot]# vi dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
#C=CN
# country (2 letter code)
#C=CN
# State or Province Name (full name)
#ST=zhejiang
#ST=zhejiang
# Locality Name (eg. city)
#L=Hangzhou
#L=Hangzhou
# Organization (eg. company)
#O=xzxj
#O=xzxj
# Organizational Unit Name (eg. section)
OU=mail.rhel5.com.cn
OU=mail.rhel5.com.cn
# Common Name (*.example.com is also possible)
CN=rhel5
CN=rhel5
# E-mail contact
emailAddress=postmaster@mail.rhel5.com.cn
emailAddress=postmaster@mail.rhel5.com.cn
[ cert_type ]
nsCertType = server
nsCertType = server
在执行之前,将/etc/pki/dovecot目录下的所有dovecot.pem文件删除,然后进到/usr/share/doc/dovecot-1.0.7/examples目录里执行mkcert.sh脚本:
[root@server2 examples]# ./mkcert.sh
Generating a 1024 bit RSA private key
..................++++++
....++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
Generating a 1024 bit RSA private key
..................++++++
....++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /OU=mail.rhel5.com.cn/CN=rhel5/emailAddress=postmaster@mail.rhel5.com.cn
SHA1 Fingerprint=FB:42:D3:3A:D3:97:54:55:CB:4F:25:43:D3:02:AD:B5:D4:32:22:7D
SHA1 Fingerprint=FB:42:D3:3A:D3:97:54:55:CB:4F:25:43:D3:02:AD:B5:D4:32:22:7D
完了后会在/etc/pki/dovecot目录下产生新的dovecot.pem文件。
接着修改/etc/dovecot.conf文件:
[root@server2 ~]# vi /etc/dovecot.conf
找到此行,将前面的注释符去掉:
protocols = imap imaps pop3 pop3s,接着加入下面内容,设置监听的地址以及端口号:
protocol imap {
listen = 192.168.1.12:143
ssl_listen = 192.168.1.12:993
}
protocol pop3 {
listen = 192.168.1.12:110
ssl_listen = 192.168.1.12:995
}
listen = 192.168.1.12:143
ssl_listen = 192.168.1.12:993
}
protocol pop3 {
listen = 192.168.1.12:110
ssl_listen = 192.168.1.12:995
}
去掉ssl_disable = no前面的注释符,最后修改以下两行:
ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
将前面的注释符去掉,dovecot.pem此文件之先创建过,这里不用修改了。
接着配置sendmail的ssl加密:
[root@server2 certs]# cd /etc/pki/tls/certs
[root@server2 certs]# cd /etc/pki/tls/certs
[root@server2 certs]# make sendmail.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > sendmail.pem ; \
echo "" >> sendmail.pem ; \
cat $PEM2 >> sendmail.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
............................................++++++
....++++++
writing new private key to '/tmp/openssl.Ow4054'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:zhejiang
Locality Name (eg, city) [Newbury]:HZ
Organization Name (eg, company) [My Company Ltd]:xzxj
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.rhel5.com.cn
Email Address []:admin@rhel5.com.cn
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 -set_serial 0 ; \
cat $PEM1 > sendmail.pem ; \
echo "" >> sendmail.pem ; \
cat $PEM2 >> sendmail.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
............................................++++++
....++++++
writing new private key to '/tmp/openssl.Ow4054'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN
State or Province Name (full name) [Berkshire]:zhejiang
Locality Name (eg, city) [Newbury]:HZ
Organization Name (eg, company) [My Company Ltd]:xzxj
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.rhel5.com.cn
Email Address []:admin@rhel5.com.cn
[root@server2 certs]# ls
ca-bundle.crt localhost.crt make-dummy-cert Makefile sendmail.pem
ca-bundle.crt localhost.crt make-dummy-cert Makefile sendmail.pem
修改/etc/mail/sendmail.mc文件,找到以下四行,将其前面的注释符号去掉:
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
接着注释下行:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
去掉下行前面的dnl后为
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
[root@server2 mail]# m4 sendmail.mc >sendmail.cf
重启dovecot和sendmail,使配置生效!
[root@server2 mail]# service dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
[root@server2 mail]# service sendmail restart
Shutting down sm-client: [ OK ]
Shutting down sendmail: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
[root@server2 certs]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 4150/sendmail: acce
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3046/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 4111/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2736/portmap
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN 4150/sendmail: acce
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3087/cupsd
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2706/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3051/python
tcp 0 0 :::22 :::* LISTEN 3071/sshd
tcp 0 0 ::1:953 :::* LISTEN 2706/named
udp 0 0 0.0.0.0:37392 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:34478 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 192.168.1.12:53 0.0.0.0:* 2706/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3104/xinetd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3260/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2736/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3087/cupsd
udp 0 0 :::44886 :::* 2706/named
udp 0 0 :::5353 :::* 3260/avahi-daemon:
udp 0 0 :::40315 :::* 3260/avahi-daemon:
防火墙的配置:
基于ssl的sendmail使用的端口是465;
[root@server2 certs]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 465 -j ACCEPT
,到此基于ssl的邮件服务就完毕了。
(8) 测试
使用windows的outlook测试发信和收信。
日志信息如下所示:
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:12 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:13 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 22:58:32 server2 sendmail[4232]: n2VEwWq3004232: from=<[email]student1@rhel5.com.cn[/email]>, size=1278, class=0, nrcpts=1, msgid=<88D5650C92C5466F87510EE8FB998C82@xzxj>, proto=ESMTP, daemon=TLSMTA, relay=xzxj [192.168.1.156]
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user4, ctladdr=<[email]student2@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user3, ctladdr=<[email]student2@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user2, ctladdr=<[email]student1@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user1, ctladdr=<[email]student1@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: n2VEwWq3004235: postmaster notify: User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004235: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32560, dsn=2.0.0, stat=Sent
Mar 31 22:57:12 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:12 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:13 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student1>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:57:15 server2 dovecot: pop3-login: Login: user=<student2>, method=PLAIN, rip=192.168.1.156, lip=192.168.1.12, TLS
Mar 31 22:57:15 server2 dovecot: POP3(student2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Mar 31 22:58:32 server2 sendmail[4232]: STARTTLS=server, relay=xzxj [192.168.1.156], version=TLSv1/SSLv3, verify=NO, cipher=RC4-MD5, bits=128/128
Mar 31 22:58:32 server2 sendmail[4232]: AUTH=server, relay=xzxj [192.168.1.156], authid=student1, mech=LOGIN, bits=0
Mar 31 22:58:32 server2 sendmail[4232]: n2VEwWq3004232: from=<[email]student1@rhel5.com.cn[/email]>, size=1278, class=0, nrcpts=1, msgid=<88D5650C92C5466F87510EE8FB998C82@xzxj>, proto=ESMTP, daemon=TLSMTA, relay=xzxj [192.168.1.156]
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user4, ctladdr=<[email]student2@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user3, ctladdr=<[email]student2@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=121278, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user2, ctladdr=<[email]student1@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: to=user1, ctladdr=<[email]student1@rhel5.com.cn[/email]> (8/0), delay=00:00:00, mailer=local, pri=61536, dsn=5.1.1, stat=User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004232: n2VEwWq3004235: postmaster notify: User unknown
Mar 31 22:58:32 server2 sendmail[4235]: n2VEwWq3004235: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32560, dsn=2.0.0, stat=Sent
发送成功了。
ok,也正常接收成功!
