检查系统版本

[root@KylinuxV10-SP3 ~]# cat /etc/.kyinfo
[dist]
name=Kylin
milestone=Server-V10-SP3-General-Release-2303
arch=x86_64
beta=False
time=2023-03-24 14:53:53
dist_id=Kylin-Server-V10-SP3-General-Release-2303-x86_64-2023-03-24 14:53:53

[servicekey]
key=0230044

[os]
to=
term=2024-07-01

[root@KylinuxV10-SP3 ~]# uname -a
Linux KylinuxV10-SP3 4.19.90-52.22.v2207.ky10.x86_64 #1 SMP Tue Mar 14 12:19:10 CST 2023 x86_64 x86_64 x86_64 GNU/Linux

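关闭防火墙和麒麟KYSEC

说明：这里关闭 firewalld 只是为了简化测试环境。服务器需要面向其他网络提供服务时，可以保留 firewalld，只放行本文用到的服务，例如 `firewall-cmd --permanent --add-service={dns,smtp,pop3,imap} && firewall-cmd --reload`。下文 getstatus 的输出显示 KySec、SELinux 等也都处于 disable 状态，这同样只适用于测试环境。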

[root@KylinuxV10-SP3 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2024-05-23 14:25:54 CST; 2min 50s ago
     Docs: man:firewalld(1)
 Main PID: 976 (firewalld)
    Tasks: 2
   Memory: 36.3M
   CGroup: /system.slice/firewalld.service
           └─976 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

May 23 14:25:54 KylinuxV10-SP3 systemd[1]: Starting firewalld - dynamic firewall daemon...
May 23 14:25:54 KylinuxV10-SP3 systemd[1]: Started firewalld - dynamic firewall daemon.
[root@KylinuxV10-SP3 ~]#
[root@KylinuxV10-SP3 ~]#
[root@KylinuxV10-SP3 ~]#
[root@KylinuxV10-SP3 ~]# systemctl disable firewalld --now
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@KylinuxV10-SP3 ~]#
[root@KylinuxV10-SP3 ~]#
[root@KylinuxV10-SP3 ~]#
[root@KylinuxV10-SP3 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

May 23 14:25:54 KylinuxV10-SP3 systemd[1]: Starting firewalld - dynamic firewall daemon...
May 23 14:25:54 KylinuxV10-SP3 systemd[1]: Started firewalld - dynamic firewall daemon.
May 23 14:28:56 KylinuxV10-SP3 systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 23 14:28:56 KylinuxV10-SP3 systemd[1]: firewalld.service: Succeeded.
May 23 14:28:56 KylinuxV10-SP3 systemd[1]: Stopped firewalld - dynamic firewall daemon.

[root@KylinuxV10-SP3 ~]# getstatus
KySec status: disable
selinux status: disable
apparmor status: disable
box status: disable

安装配置DNS服务器

安装DNS服务

[root@KylinuxV10-SP3 ~]# dnf install bind bind-utils -y
Last metadata expiration check: 21:06:51 ago on Wed 22 May 2024 05:28:05 PM CST.
Package bind-32:9.11.21-10.ky10.x86_64 is already installed.
Package bind-utils-32:9.11.21-10.ky10.x86_64 is already installed.
Dependencies resolved.
=============================================================================================================================================
 Package                           Architecture              Version                               Repository                           Size
=============================================================================================================================================
Upgrading:
 bind                              x86_64                    32:9.11.21-18.ky10                    ks10-adv-updates                    2.0 M
 bind-libs                         x86_64                    32:9.11.21-18.ky10                    ks10-adv-updates                     77 k
 bind-libs-lite                    x86_64                    32:9.11.21-18.ky10                    ks10-adv-updates                    1.0 M
 bind-utils                        x86_64                    32:9.11.21-18.ky10                    ks10-adv-updates                    324 k
 python3-bind                      noarch                    32:9.11.21-18.ky10                    ks10-adv-updates                     60 k

Transaction Summary
=============================================================================================================================================
Upgrade  5 Packages

Total download size: 3.5 M
Downloading Packages:
(1/5): bind-libs-9.11.21-18.ky10.x86_64.rpm                                                                  832 kB/s |  77 kB     00:00
(2/5): bind-libs-lite-9.11.21-18.ky10.x86_64.rpm                                                             3.7 MB/s | 1.0 MB     00:00
(3/5): bind-9.11.21-18.ky10.x86_64.rpm                                                                       6.8 MB/s | 2.0 MB     00:00
(4/5): bind-utils-9.11.21-18.ky10.x86_64.rpm                                                                 1.6 MB/s | 324 kB     00:00
(5/5): python3-bind-9.11.21-18.ky10.noarch.rpm                                                               1.5 MB/s |  60 kB     00:00
---------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                         11 MB/s | 3.5 MB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                     1/1
  Running scriptlet: bind-libs-32:9.11.21-18.ky10.x86_64                                                                                 1/1
  Upgrading        : bind-libs-32:9.11.21-18.ky10.x86_64                                                                                1/10
  Running scriptlet: bind-libs-32:9.11.21-18.ky10.x86_64                                                                                1/10
  Upgrading        : bind-libs-lite-32:9.11.21-18.ky10.x86_64                                                                           2/10
  Running scriptlet: bind-libs-lite-32:9.11.21-18.ky10.x86_64                                                                           2/10
  Upgrading        : python3-bind-32:9.11.21-18.ky10.noarch                                                                             3/10
  Running scriptlet: bind-32:9.11.21-18.ky10.x86_64                                                                                     4/10
  Upgrading        : bind-32:9.11.21-18.ky10.x86_64                                                                                     4/10
  Running scriptlet: bind-32:9.11.21-18.ky10.x86_64                                                                                     4/10
  Upgrading        : bind-utils-32:9.11.21-18.ky10.x86_64                                                                               5/10
  Cleanup          : bind-utils-32:9.11.21-10.ky10.x86_64                                                                               6/10
  Cleanup          : bind-libs-lite-32:9.11.21-10.ky10.x86_64                                                                           7/10
  Running scriptlet: bind-libs-lite-32:9.11.21-10.ky10.x86_64                                                                           7/10
  Cleanup          : bind-libs-32:9.11.21-10.ky10.x86_64                                                                                8/10
  Running scriptlet: bind-libs-32:9.11.21-10.ky10.x86_64                                                                                8/10
  Cleanup          : python3-bind-32:9.11.21-10.ky10.noarch                                                                             9/10
  Running scriptlet: bind-32:9.11.21-10.ky10.x86_64                                                                                    10/10
  Cleanup          : bind-32:9.11.21-10.ky10.x86_64                                                                                    10/10
  Running scriptlet: bind-32:9.11.21-10.ky10.x86_64                                                                                    10/10
  Verifying        : bind-32:9.11.21-18.ky10.x86_64                                                                                     1/10
  Verifying        : bind-32:9.11.21-10.ky10.x86_64                                                                                     2/10
  Verifying        : bind-libs-32:9.11.21-18.ky10.x86_64                                                                                3/10
  Verifying        : bind-libs-32:9.11.21-10.ky10.x86_64                                                                                4/10
  Verifying        : bind-libs-lite-32:9.11.21-18.ky10.x86_64                                                                           5/10
  Verifying        : bind-libs-lite-32:9.11.21-10.ky10.x86_64                                                                           6/10
  Verifying        : bind-utils-32:9.11.21-18.ky10.x86_64                                                                               7/10
  Verifying        : bind-utils-32:9.11.21-10.ky10.x86_64                                                                               8/10
  Verifying        : python3-bind-32:9.11.21-18.ky10.noarch                                                                             9/10
  Verifying        : python3-bind-32:9.11.21-10.ky10.noarch                                                                            10/10

Upgraded:
  bind-32:9.11.21-18.ky10.x86_64              bind-libs-32:9.11.21-18.ky10.x86_64           bind-libs-lite-32:9.11.21-18.ky10.x86_64
  bind-utils-32:9.11.21-18.ky10.x86_64        python3-bind-32:9.11.21-18.ky10.noarch

Complete!

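配置DNS服务

说明：下面的 options 段只贴出了前半部分（输出在 allow-query 之后被截断）。`allow-query { any; };` 允许任意来源查询；后文 dig 结果的 flags 中带有 ra，说明至少对本机递归是开启的。如果文件其余部分没有单独设置 allow-recursion / allow-query-cache，BIND 会沿用 allow-query 的范围，此时只要 192.168.14.129 对不可信网络可达，它就是一台开放递归解析器。可以把递归限制到实际服务的网段，例如 `allow-recursion { 127.0.0.1; 192.168.14.0/24; };`。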

[root@KylinuxV10-SP3 ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 192.168.14.129; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        secroots-file   "/var/named/data/named.secroots";
        recursing-file  "/var/named/data/named.recursing";
        allow-query     { any; };


[root@KylinuxV10-SP3 ~]# cat /etc/named.rfc1912.zones
##add 2 zone
zone "zy.com" IN {
        type master;
        file "zy.com.zone";
        allow-update { none; };
};

zone "14.168.192.in-addr.arpa" IN {
        type master;
        file "14.168.192.in-addr.zone";
        allow-update { none; };
};


cd /var/named
cp -p named.localhost zy.com.zone
cp -p named.loopback 14.168.192.in-addr.zone

[root@KylinuxV10-SP3 named]# cat zy.com.zone
$TTL 1D
; NOTE(review): the SOA MNAME below is written "zy.com" without a trailing
; dot, so it is relative to the zone origin (zy.com, from the zone statement
; in named.rfc1912.zones) and expands to zy.com.zy.com.
; Write "zy.com." if the zone apex is the intended primary name server.
; The RNAME mail.zy.com. is the contact mailbox (first label = local part).
@       IN SOA  zy.com mail.zy.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; Records without an owner name inherit the previous owner, here the apex (@).
        NS      @
        A       192.168.14.129
        MX 10   mail.zy.com.
; Host record for the mail exchanger named in the MX record above.
mail    A       192.168.14.129
[root@KylinuxV10-SP3 named]# cat 14.168.192.in-addr.zone
$TTL 1D
; NOTE(review): as written, "zy.com" (no trailing dot) in the SOA is relative
; to this zone's origin and expands to zy.com.14.168.192.in-addr.arpa.;
; "zy.com." is presumably what was meant.
@       IN SOA  zy.com mail.zy.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
; NOTE(review): NS @ names the reverse-zone apex itself as the name server, and
; the A and MX records below are attached to that same apex name. They look
; carried over from the forward zone; a reverse zone normally needs only
; SOA, NS and PTR records -- confirm before trimming.
        NS      @
        A       192.168.14.129
        MX 10   mail.zy.com.
; 129 is relative to the origin: 129.14.168.192.in-addr.arpa. -> mail.zy.com.
129     PTR     mail.zy.com.

启动服务


[root@KylinuxV10-SP3 named]# systemctl start named
[root@KylinuxV10-SP3 named]#
[root@KylinuxV10-SP3 named]#
[root@KylinuxV10-SP3 named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-05-23 14:45:09 CST; 7s ago
  Process: 3625 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else e>
  Process: 3627 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 3629 (named)
    Tasks: 5
   Memory: 52.8M
   CGroup: /system.slice/named.service
           └─3629 /usr/sbin/named -u named -c /etc/named.conf

May 23 14:45:10 KylinuxV10-SP3 named[3629]: network unreachable resolving './DNSKEY/IN': 2801:1b8:10::b#53
May 23 14:45:10 KylinuxV10-SP3 named[3629]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
May 23 14:45:10 KylinuxV10-SP3 named[3629]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
May 23 14:45:10 KylinuxV10-SP3 named[3629]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
May 23 14:45:10 KylinuxV10-SP3 named[3629]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
May 23 14:45:10 KylinuxV10-SP3 named[3629]: resolver priming query complete
May 23 14:45:10 KylinuxV10-SP3 named[3629]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
May 23 14:45:10 KylinuxV10-SP3 named[3629]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
May 23 14:45:10 KylinuxV10-SP3 named[3629]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
May 23 14:45:10 KylinuxV10-SP3 named[3629]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints



验证解析

[root@KylinuxV10-SP3 named]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 192.168.14.129

[root@KylinuxV10-SP3 named]# dig mail.zy.com

; <<>> DiG 9.11.21-9.11.21-18.ky10 <<>> mail.zy.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3018
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: b3ca3fce7a2056de34d4456e664ee651b7e5af91ee70ed5e (good)
;; QUESTION SECTION:
;mail.zy.com.                   IN      A

;; ANSWER SECTION:
mail.zy.com.            86400   IN      A       192.168.14.129

;; AUTHORITY SECTION:
zy.com.                 86400   IN      NS      zy.com.

;; ADDITIONAL SECTION:
zy.com.                 86400   IN      A       192.168.14.129

;; Query time: 0 msec
;; SERVER: 192.168.14.129#53(192.168.14.129)
;; WHEN: Thu May 23 14:46:41 CST 2024
;; MSG SIZE  rcvd: 114

安装配置postfix

安装postfix

[root@KylinuxV10-SP3 named]# dnf install postfix
Last metadata expiration check: 0:22:39 ago on Thu 23 May 2024 02:35:55 PM CST.
Dependencies resolved.
=============================================================================================================================================
 Package                       Architecture                 Version                                  Repository                         Size
=============================================================================================================================================
Installing:
 postfix                       x86_64                       2:3.3.1-12.ky10                          ks10-adv-os                       786 k

Transaction Summary
=============================================================================================================================================
Install  1 Package

Total download size: 786 k
Installed size: 2.8 M
Is this ok [y/N]: y
Downloading Packages:
postfix-3.3.1-12.ky10.x86_64.rpm                                                                             139 kB/s | 786 kB     00:05
---------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                        139 kB/s | 786 kB     00:05
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                     1/1
  Running scriptlet: postfix-2:3.3.1-12.ky10.x86_64                                                                                      1/1
  Installing       : postfix-2:3.3.1-12.ky10.x86_64                                                                                      1/1
  Running scriptlet: postfix-2:3.3.1-12.ky10.x86_64                                                                                      1/1
  Verifying        : postfix-2:3.3.1-12.ky10.x86_64                                                                                      1/1

Installed:
  postfix-2:3.3.1-12.ky10.x86_64

Complete!

配置postfix

[root@KylinuxV10-SP3 postfix]#  cd /etc/postfix/

修改main.cf

[root@KylinuxV10-SP3 postfix]# postconf -n
alias_database = lmdb:/etc/aliases
alias_maps = lmdb:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 192.168.14.129, 127.0.0.1
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = $myhostname, $mydomain
mydomain = zy.com
myhostname = mail.zy.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = may
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550



邮件保存位置说明:
#home_mailbox = Mailbox      ##保存在用户家目录下的Mailbox文件中
#home_mailbox = Maildir/     ##保存在用户家目录下的Maildir目录中（含cur、new、tmp三个子目录），一封邮件一个文件

#mail_spool_directory = /var/spool/mail  ##保存在/var/spool/mail下以用户名命名的文件中

启动服务

[root@KylinuxV10-SP3 postfix]# systemctl start postfix
[root@KylinuxV10-SP3 postfix]#
[root@KylinuxV10-SP3 postfix]#
[root@KylinuxV10-SP3 postfix]# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-05-23 15:08:17 CST; 6s ago
  Process: 4144 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
  Process: 4147 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
  Process: 4150 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
 Main PID: 4217 (master)
    Tasks: 3
   Memory: 3.6M
   CGroup: /system.slice/postfix.service
           ├─4217 /usr/libexec/postfix/master -w
           ├─4218 pickup -l -t unix -u
           └─4219 qmgr -l -t unix -u

May 23 15:08:16 KylinuxV10-SP3 systemd[1]: Starting Postfix Mail Transport Agent...
May 23 15:08:17 KylinuxV10-SP3 postfix/master[4217]: daemon started -- version 3.3.1, configuration /etc/postfix
May 23 15:08:17 KylinuxV10-SP3 systemd[1]: Started Postfix Mail Transport Agent.

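测试邮件收发

说明：第一次 useradd 把 shell 拼错成了 /sbin/noligin，可用 `getent passwd jack` 确认 jack 的登录 shell 确实是 /sbin/nologin，必要时用 `usermod -s /sbin/nologin jack` 修正。另外，下面 telnet 记录的提示符是 CentOS7、解析到 192.168.14.72，队列 ID 和正文也与随后 Maildir 中的邮件不同，看起来是从另一套环境粘贴的；在本文环境中 mail.zy.com 应解析到 192.168.14.129。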

[root@KylinuxV10-SP3 postfix]# groupadd mailusers
[root@KylinuxV10-SP3 postfix]# useradd -g mailusers -s /sbin/noligin jack
useradd: Warning: missing or non-executable shell '/sbin/noligin'
useradd: warning :The file /sbin/noligin is not exist
[root@KylinuxV10-SP3 postfix]# useradd -g mailusers -s /sbin/nologin jack
[root@KylinuxV10-SP3 postfix]# passwd jack
Changing password for user jack.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@KylinuxV10-SP3 postfix]# useradd -g mailusers -s /sbin/nologin tom
[root@KylinuxV10-SP3 postfix]# passwd tom
Changing password for user tom.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@KylinuxV10-SP3 postfix]#
[root@KylinuxV10-SP3 postfix]# dnf install telnet
Last metadata expiration check: 0:34:48 ago on Thu 23 May 2024 02:35:55 PM CST.
Package telnet-1:0.17-76.ky10.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!


[root@CentOS7 postfix]# telnet mail.zy.com 25
Trying 192.168.14.72...
Connected to mail.zy.com.
Escape character is '^]'.
220 mail.zy.com ESMTP Postfix
helo mail.zy.com
250 mail.zy.com
mail from:jack@zy.com
250 2.1.0 Ok
rcpt to:tom@zy.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
I am jack!!
hello ya.
.
250 2.0.0 Ok: queued as 695A08EDBB
quit
221 2.0.0 Bye
Connection closed by foreign host.

[root@KylinuxV10-SP3 postfix]# cat /home/tom/Maildir/new/***
From jack@zy.com  Thu May 23 15:12:14 2024
Return-Path: <jack@zy.com>
X-Original-To: tom@zy.com
Delivered-To: tom@zy.com
Received: from mail.zy.com (mail.zy.com [192.168.14.129])
        by mail.zy.com (Postfix) with SMTP id 776E920C261C
        for <tom@zy.com>; Thu, 23 May 2024 15:11:44 +0800 (CST)
Message-Id: <20240523071155.776E920C261C@mail.zy.com>
Date: Thu, 23 May 2024 15:11:44 +0800 (CST)
From: jack@zy.com

hell tom: I am jack.
bye.

安装配置dovecot

安装dovecot

[root@KylinuxV10-SP3 ~]# dnf install dovecot
Last metadata expiration check: 2:18:47 ago on Thu 23 May 2024 02:35:55 PM CST.
Dependencies resolved.
=============================================================================================================================================
 Package                         Architecture              Version                                 Repository                           Size
=============================================================================================================================================
Installing:
 dovecot                         x86_64                    1:2.3.15-3.p01.ky10                     ks10-adv-updates                    5.0 M
Installing dependencies:
 clucene-core                    x86_64                    2.3.3.4-35.ky10                         ks10-adv-os                         513 k
 dovecot-help                    x86_64                    1:2.3.15-3.p01.ky10                     ks10-adv-updates                    111 k

Transaction Summary
=============================================================================================================================================
Install  3 Packages

Total download size: 5.6 M
Installed size: 21 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): dovecot-help-2.3.15-3.p01.ky10.x86_64.rpm                                                             188 kB/s | 111 kB     00:00
(2/3): clucene-core-2.3.3.4-35.ky10.x86_64.rpm                                                               767 kB/s | 513 kB     00:00
(3/3): dovecot-2.3.15-3.p01.ky10.x86_64.rpm                                                                  5.0 MB/s | 5.0 MB     00:01
---------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                        5.6 MB/s | 5.6 MB     00:01
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                     1/1
  Installing       : dovecot-help-1:2.3.15-3.p01.ky10.x86_64                                                                             1/3
  Installing       : clucene-core-2.3.3.4-35.ky10.x86_64                                                                                 2/3
  Running scriptlet: clucene-core-2.3.3.4-35.ky10.x86_64                                                                                 2/3
  Running scriptlet: dovecot-1:2.3.15-3.p01.ky10.x86_64                                                                                  3/3
  Installing       : dovecot-1:2.3.15-3.p01.ky10.x86_64                                                                                  3/3
  Running scriptlet: dovecot-1:2.3.15-3.p01.ky10.x86_64                                                                                  3/3
  Verifying        : clucene-core-2.3.3.4-35.ky10.x86_64                                                                                 1/3
  Verifying        : dovecot-1:2.3.15-3.p01.ky10.x86_64                                                                                  2/3
  Verifying        : dovecot-help-1:2.3.15-3.p01.ky10.x86_64                                                                             3/3

Installed:
  clucene-core-2.3.3.4-35.ky10.x86_64          dovecot-1:2.3.15-3.p01.ky10.x86_64          dovecot-help-1:2.3.15-3.p01.ky10.x86_64

Complete!

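配置dovecot

说明：以下几项只适合隔离的测试网络。`login_trusted_networks = 0.0.0.0/0` 把所有客户端地址都当作可信网络，后文 POP3 欢迎行里的 [XCLIENT] 就是由此而来：可信客户端可以自行声明来源 IP，并且不受 disable_plaintext_auth 限制，日志和基于 IP 的限制因此不可靠；该项应留空或只填前端代理/webmail 的地址。`disable_plaintext_auth = no` 加上 `ssl = no` 意味着用户名和口令以明文经过网络；对外提供服务时应配置证书并设为 `ssl = required`、`disable_plaintext_auth = yes`。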

[root@KylinuxV10-SP3 ~]# cat /etc/dovecot/dovecot.conf |grep -v '^$' |grep -v '^#'
protocols = imap pop3 lmtp submission
listen = *
login_trusted_networks = 0.0.0.0/0
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
!include_try local.conf


[root@KylinuxV10-SP3 ~]# cat /etc/dovecot/conf.d/10-auth.conf |grep -v '^$' |grep -v '^#'
disable_plaintext_auth = no
auth_mechanisms = plain login
!include auth-system.conf.ext



[root@KylinuxV10-SP3 ~]# cat /etc/dovecot/conf.d/10-mail.conf |grep -v '^$' |grep -v '#'
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}
protocol !indexer-worker {
}
mbox_write_locks = fcntl


[root@KylinuxV10-SP3 ~]# cat /etc/dovecot/conf.d/10-ssl.conf |grep -v '^$' |grep -v '^#'
ssl = no
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
ssl_cipher_list = PROFILE=SYSTEM

启动dovecot服务

[root@KylinuxV10-SP3 ~]# systemctl start dovecot
[root@KylinuxV10-SP3 ~]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-05-23 17:03:16 CST; 6s ago
     Docs: man:dovecot(1)
           https://doc.dovecot.org/
  Process: 6510 ExecStartPre=/usr/libexec/dovecot/prestartscript (code=exited, status=0/SUCCESS)
 Main PID: 6517 (dovecot)
   Status: "v2.3.15 (0503334ab1) running"
    Tasks: 4
   Memory: 3.8M
   CGroup: /system.slice/dovecot.service
           ├─6517 /usr/sbin/dovecot -F
           ├─6519 dovecot/anvil
           ├─6520 dovecot/log
           └─6521 dovecot/config

May 23 17:03:14 KylinuxV10-SP3 systemd[1]: Starting Dovecot IMAP/POP3 email server...
May 23 17:03:16 KylinuxV10-SP3 dovecot[6517]: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
May 23 17:03:16 KylinuxV10-SP3 dovecot[6517]: master: Warning: Corrected permissions for login directory /var/run/dovecot/token-login
May 23 17:03:16 KylinuxV10-SP3 dovecot[6517]: master: Dovecot v2.3.15 (0503334ab1) starting up for imap, pop3, lmtp, submission
May 23 17:03:16 KylinuxV10-SP3 systemd[1]: Started Dovecot IMAP/POP3 email server.

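测试邮件收发

下面用 telnet 连接 110 端口,`user`/`pass` 命令及邮件内容都是明文传输,同一网段内可被抓包获取,因此只应使用测试账号和测试口令。启用 SSL 后可改用 `openssl s_client -connect mail.zy.com:995` 或 `openssl s_client -starttls pop3 -connect mail.zy.com:110` 进行同样的测试。返回的问候语中带有 `[XCLIENT]`,说明当前客户端地址落在 `login_trusted_networks` 范围内。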

[root@KylinuxV10-SP3 ~]# telnet mail.zy.com 110
Trying 192.168.14.129...
Connected to mail.zy.com.
Escape character is '^]'.
+OK [XCLIENT] Dovecot ready.
user tom
+OK
pass $RFV5tgb
+OK Logged in.
list
+OK 1 messages:
1 390
.
retr 1
+OK 390 octets
Return-Path: <jack@zy.com>
X-Original-To: tom@zy.com
Delivered-To: tom@zy.com
Received: from mail.zy.com (mail.zy.com [192.168.14.129])
        by mail.zy.com (Postfix) with SMTP id C5F0320C261C
        for <tom@zy.com>; Thu, 23 May 2024 16:44:28 +0800 (CST)
Message-Id: <20240523084438.C5F0320C261C@mail.zy.com>
Date: Thu, 23 May 2024 16:44:28 +0800 (CST)
From: jack@zy.com

test
test
test

安装配置发信认证

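安装cyrus-sasl软件

说明:下面的 `dnf install cyrus-sasl*` 会装上全部子包(devel、ldap、ntlm、sql 等)。本文后面只用到 saslauthd 和 PLAIN/LOGIN 机制,安装 `cyrus-sasl` 与 `cyrus-sasl-plain` 即可,减少不必要的组件;通配符建议加引号(`'cyrus-sasl*'`),避免被 shell 按当前目录下的文件名展开。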

[root@KylinuxV10-SP3 ~]# dnf install cyrus-sasl*
Last metadata expiration check: 2:35:48 ago on Thu 23 May 2024 02:35:55 PM CST.
Package cyrus-sasl-2.1.27-13.ky10.x86_64 is already installed.
Package cyrus-sasl-gssapi-2.1.27-13.ky10.x86_64 is already installed.
Package cyrus-sasl-lib-2.1.27-13.ky10.x86_64 is already installed.
Dependencies resolved.
=============================================================================================================================================
 Package                              Architecture              Version                            Repository                           Size
=============================================================================================================================================
Installing:
 cyrus-sasl-devel                     x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     45 k
 cyrus-sasl-gs2                       x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     22 k
 cyrus-sasl-help                      noarch                    2.1.27-14.ky10                     ks10-adv-updates                     85 k
 cyrus-sasl-ldap                      x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     17 k
 cyrus-sasl-md5                       x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     37 k
 cyrus-sasl-ntlm                      x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     23 k
 cyrus-sasl-plain                     x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     19 k
 cyrus-sasl-scram                     x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     25 k
 cyrus-sasl-sql                       x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     19 k
Upgrading:
 cyrus-sasl                           x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     53 k
 cyrus-sasl-gssapi                    x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     22 k
 cyrus-sasl-lib                       x86_64                    2.1.27-14.ky10                     ks10-adv-updates                     71 k

Transaction Summary
=============================================================================================================================================
Install  9 Packages
Upgrade  3 Packages

Total download size: 437 k
Is this ok [y/N]: y
Downloading Packages:
(1/12): cyrus-sasl-devel-2.1.27-14.ky10.x86_64.rpm                                                            75 kB/s |  45 kB     00:00
(2/12): cyrus-sasl-help-2.1.27-14.ky10.noarch.rpm                                                            136 kB/s |  85 kB     00:00
(3/12): cyrus-sasl-gs2-2.1.27-14.ky10.x86_64.rpm                                                              35 kB/s |  22 kB     00:00
(4/12): cyrus-sasl-ldap-2.1.27-14.ky10.x86_64.rpm                                                            581 kB/s |  17 kB     00:00
(5/12): cyrus-sasl-md5-2.1.27-14.ky10.x86_64.rpm                                                             1.2 MB/s |  37 kB     00:00
(6/12): cyrus-sasl-plain-2.1.27-14.ky10.x86_64.rpm                                                           569 kB/s |  19 kB     00:00
(7/12): cyrus-sasl-sql-2.1.27-14.ky10.x86_64.rpm                                                             484 kB/s |  19 kB     00:00
(8/12): cyrus-sasl-2.1.27-14.ky10.x86_64.rpm                                                                 2.6 MB/s |  53 kB     00:00
(9/12): cyrus-sasl-gssapi-2.1.27-14.ky10.x86_64.rpm                                                          1.1 MB/s |  22 kB     00:00
(10/12): cyrus-sasl-lib-2.1.27-14.ky10.x86_64.rpm                                                            1.9 MB/s |  71 kB     00:00
(11/12): cyrus-sasl-scram-2.1.27-14.ky10.x86_64.rpm                                                          157 kB/s |  25 kB     00:00
(12/12): cyrus-sasl-ntlm-2.1.27-14.ky10.x86_64.rpm                                                           121 kB/s |  23 kB     00:00
---------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                        534 kB/s | 437 kB     00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                     1/1
  Running scriptlet: cyrus-sasl-lib-2.1.27-14.ky10.x86_64                                                                                1/1
  Upgrading        : cyrus-sasl-lib-2.1.27-14.ky10.x86_64                                                                               1/15
  Running scriptlet: cyrus-sasl-2.1.27-14.ky10.x86_64                                                                                   2/15
  Upgrading        : cyrus-sasl-2.1.27-14.ky10.x86_64                                                                                   2/15
  Running scriptlet: cyrus-sasl-2.1.27-14.ky10.x86_64                                                                                   2/15
  Installing       : cyrus-sasl-devel-2.1.27-14.ky10.x86_64                                                                             3/15
  Installing       : cyrus-sasl-gs2-2.1.27-14.ky10.x86_64                                                                               4/15
  Installing       : cyrus-sasl-ldap-2.1.27-14.ky10.x86_64                                                                              5/15
  Installing       : cyrus-sasl-md5-2.1.27-14.ky10.x86_64                                                                               6/15
  Installing       : cyrus-sasl-ntlm-2.1.27-14.ky10.x86_64                                                                              7/15
  Installing       : cyrus-sasl-plain-2.1.27-14.ky10.x86_64                                                                             8/15
  Installing       : cyrus-sasl-scram-2.1.27-14.ky10.x86_64                                                                             9/15
  Installing       : cyrus-sasl-sql-2.1.27-14.ky10.x86_64                                                                              10/15
  Upgrading        : cyrus-sasl-gssapi-2.1.27-14.ky10.x86_64                                                                           11/15
  Installing       : cyrus-sasl-help-2.1.27-14.ky10.noarch                                                                             12/15
  Cleanup          : cyrus-sasl-gssapi-2.1.27-13.ky10.x86_64                                                                           13/15
  Running scriptlet: cyrus-sasl-2.1.27-13.ky10.x86_64                                                                                  14/15
  Cleanup          : cyrus-sasl-2.1.27-13.ky10.x86_64                                                                                  14/15
  Running scriptlet: cyrus-sasl-2.1.27-13.ky10.x86_64                                                                                  14/15
  Cleanup          : cyrus-sasl-lib-2.1.27-13.ky10.x86_64                                                                              15/15
  Running scriptlet: cyrus-sasl-lib-2.1.27-13.ky10.x86_64                                                                              15/15
  Verifying        : cyrus-sasl-devel-2.1.27-14.ky10.x86_64                                                                             1/15
  Verifying        : cyrus-sasl-gs2-2.1.27-14.ky10.x86_64                                                                               2/15
  Verifying        : cyrus-sasl-help-2.1.27-14.ky10.noarch                                                                              3/15
  Verifying        : cyrus-sasl-ldap-2.1.27-14.ky10.x86_64                                                                              4/15
  Verifying        : cyrus-sasl-md5-2.1.27-14.ky10.x86_64                                                                               5/15
  Verifying        : cyrus-sasl-ntlm-2.1.27-14.ky10.x86_64                                                                              6/15
  Verifying        : cyrus-sasl-plain-2.1.27-14.ky10.x86_64                                                                             7/15
  Verifying        : cyrus-sasl-scram-2.1.27-14.ky10.x86_64                                                                             8/15
  Verifying        : cyrus-sasl-sql-2.1.27-14.ky10.x86_64                                                                               9/15
  Verifying        : cyrus-sasl-2.1.27-14.ky10.x86_64                                                                                  10/15
  Verifying        : cyrus-sasl-2.1.27-13.ky10.x86_64                                                                                  11/15
  Verifying        : cyrus-sasl-gssapi-2.1.27-14.ky10.x86_64                                                                           12/15
  Verifying        : cyrus-sasl-gssapi-2.1.27-13.ky10.x86_64                                                                           13/15
  Verifying        : cyrus-sasl-lib-2.1.27-14.ky10.x86_64                                                                              14/15
  Verifying        : cyrus-sasl-lib-2.1.27-13.ky10.x86_64                                                                              15/15

Upgraded:
  cyrus-sasl-2.1.27-14.ky10.x86_64           cyrus-sasl-gssapi-2.1.27-14.ky10.x86_64           cyrus-sasl-lib-2.1.27-14.ky10.x86_64

Installed:
  cyrus-sasl-devel-2.1.27-14.ky10.x86_64         cyrus-sasl-gs2-2.1.27-14.ky10.x86_64           cyrus-sasl-help-2.1.27-14.ky10.noarch
  cyrus-sasl-ldap-2.1.27-14.ky10.x86_64          cyrus-sasl-md5-2.1.27-14.ky10.x86_64           cyrus-sasl-ntlm-2.1.27-14.ky10.x86_64
  cyrus-sasl-plain-2.1.27-14.ky10.x86_64         cyrus-sasl-scram-2.1.27-14.ky10.x86_64         cyrus-sasl-sql-2.1.27-14.ky10.x86_64

Complete!

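配置认证方式

注意:`mech_list: plain login` 这两种机制只对口令做 base64 编码,并不加密;而下面的 `smtpd_tls_security_level = may` 表示 TLS 可选,客户端可以在未加密的连接上直接 AUTH。建议在 Postfix 中增加 `smtpd_tls_auth_only = yes`,只在 STARTTLS 之后才提供 AUTH。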

[root@KylinuxV10-SP3 ~]# cat /etc/sasl2/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
log_level: 3

[root@KylinuxV10-SP3 ~]# cat /etc/sysconfig/saslauthd
FLAGS=
SOCKETDIR=/run/saslauthd
MECH=pam


[root@KylinuxV10-SP3 ~]# postconf -n
alias_database = lmdb:/etc/aliases
alias_maps = lmdb:/etc/aliases
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_interfaces = 192.168.14.129, 127.0.0.1
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydestination = $myhostname, $mydomain
mydomain = zy.com
myhostname = mail.zy.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/README_FILES
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_CApath = /etc/pki/tls/certs
smtp_tls_security_level = may
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/pki/tls/certs/postfix.pem
smtpd_tls_key_file = /etc/pki/tls/private/postfix.key
smtpd_tls_security_level = may
unknown_local_recipient_reject_code = 550

重启postfix,saslauthd服务

[root@KylinuxV10-SP3 ~]# systemctl restart saslauthd.service postfix.service

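测试发信验证

说明:下面第一次会话未认证,向外域收件人转发被 `454 Relay access denied` 拒绝,说明服务器不是开放中继;第二次会话认证后才允许转发。注意 base64 只是编码,`AUTH LOGIN` 中的用户名和口令在明文 telnet 会话里等同于明文传输,只应使用测试账号;服务器已通告 `250-STARTTLS`,可用 `openssl s_client -starttls smtp -connect 192.168.14.129:25` 在加密连接上做同样的测试。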

root@ubuntu22:~# telnet 192.168.14.129 25
Trying 192.168.14.129...
Connected to 192.168.14.129.
Escape character is '^]'.
220 mail.zy.com ESMTP Postfix
helo mail.zy.com
250 mail.zy.com
mail from:jack@zy.com
250 2.1.0 Ok
rcpt to:john_ca@qq.com
454 4.7.1 <john_ca@qq.com>: Relay access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.


root@ubuntu22:~# printf "jack" |openssl base64
amFjaw==
root@ubuntu22:~# printf '$RFV5tgb' | openssl base64
JFJGVjV0Z2I=

root@ubuntu22:~# telnet 192.168.14.129 25
Trying 192.168.14.129...
Connected to 192.168.14.129.
Escape character is '^]'.
220 mail.zy.com ESMTP Postfix
ehlo mail.zy.com
250-mail.zy.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
auth login
334 VXNlcm5hbWU6
amFjaw==
334 UGFzc3dvcmQ6
JFJGVjV0Z2I=
235 2.7.0 Authentication successful
mail from jack@zy.com
501 5.5.4 Syntax: MAIL FROM:<address>
rcpt to:john_ca@qq.com
503 5.5.1 Error: need MAIL command
mail from:jack@zy.com
250 2.1.0 Ok
rcpt to:john_ca@qq.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test again
.
250 2.0.0 Ok: queued as 3BE9020C2612
quit
221 2.0.0 Bye
Connection closed by foreign host.