一,基于用户的认证
我们知道默认情况下邮件服务器不对用户进行验证,这样就会增加大量的垃圾邮件,为了避免这种现象的发生,我看可以做基于用户的验证,即如果不是一个真是存在的用户就不对他的邮件进行转发或者接收。
编辑主配置文件
1,找到
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
将他们的注释出去修改如下:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
一定要注意修改后的段落一定要顶格写
2,找到
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
修改成
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,M=Ea, Name=MTA')dnl
3,开启saslauthd
# service saslauthd start
Starting saslauthd: [ OK ]
4,可以执行sendmail -d0 < /dev/null查看sendmail对SASLv2的支持
[root@mail mail]# sendmail -d0 < /dev/null
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = localhost
(canonical domain name) $j = localhost.localdomain
(subdomain name) $m = localdomain
(node name) $k = mail.station.com
========================================================
Recipient names must be specified
5,再次检验验证设置
#telnet mail 25
执行EHLO mail.test.com 确保出现 AUTH LOGIN PLAIN 证明支持# telnet mail 25
Trying 192.168.0.130...
Connected to mail.station.com (192.168.0.130).
Escape character is '^]'.
EHLO mail.test.com
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Mon, 8 Mar 2010 21:45:36 +0800
250-localhost.localdomain Hello phpbb.domaim.com [192.168.0.130] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
6,邮件的发送过程如下:
[root@mail mail]# telnet mail 25
Trying 192.168.0.130...
Connected to mail.station.com (192.168.0.130).
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Mon, 8 Mar 2010 22:08:04 +0800
mail from:natasha@station.com
530 5.7.0 Authentication required
auth login
334 VXNlcm5hbWU6
bmF0YXNoYUBzdGF0aW9uLmNvbQo=
334 UGFzc3dvcmQ6
cmVkaGF0
235 2.0.0 OK Authenticated
mail from:natasha@station.com
250 2.1.0 natasha@station.com... Sender ok
rcpt to:root@station.com
250 2.1.5 root@station.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
hello
this is a test
.
250 2.0.0 o28E84R6021590 Message accepted for delivery
quit
221 2.0.0 localhost.localdomain closing connection
Connection closed by foreign host.
在你输入发件人时它会提醒你需要验证,这时你就要输入
auth login
然后输入经过加密后的natasha@station.com会出来提示信息说数据不完整,这时要输入经过加密的用户名(怎样获得加密后的内容呢?可以使用下面的方式(natasha的密码是redhat)
# echo natasha@station.com | base64
bmF0YXNoYUBzdGF0aW9uLmNvbQo=
# echo redhat | base64
cmVkaGF0Cg==),然后验证通过就可以正常发送邮件了。
编辑主配置文件
1,找到
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
将他们的注释出去修改如下:
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
一定要注意修改后的段落一定要顶格写
2,找到
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
修改成
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,M=Ea, Name=MTA')dnl
3,开启saslauthd
# service saslauthd start
Starting saslauthd: [ OK ]
4,可以执行sendmail -d0 < /dev/null查看sendmail对SASLv2的支持
[root@mail mail]# sendmail -d0 < /dev/null
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = localhost
(canonical domain name) $j = localhost.localdomain
(subdomain name) $m = localdomain
(node name) $k = mail.station.com
========================================================
Recipient names must be specified
5,再次检验验证设置
#telnet mail 25
执行EHLO mail.test.com 确保出现 AUTH LOGIN PLAIN 证明支持# telnet mail 25
Trying 192.168.0.130...
Connected to mail.station.com (192.168.0.130).
Escape character is '^]'.
EHLO mail.test.com
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Mon, 8 Mar 2010 21:45:36 +0800
250-localhost.localdomain Hello phpbb.domaim.com [192.168.0.130] (may be forged), pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
6,邮件的发送过程如下:
[root@mail mail]# telnet mail 25
Trying 192.168.0.130...
Connected to mail.station.com (192.168.0.130).
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.8/8.13.8; Mon, 8 Mar 2010 22:08:04 +0800
mail from:natasha@station.com
530 5.7.0 Authentication required
auth login
334 VXNlcm5hbWU6
bmF0YXNoYUBzdGF0aW9uLmNvbQo=
334 UGFzc3dvcmQ6
cmVkaGF0
235 2.0.0 OK Authenticated
mail from:natasha@station.com
250 2.1.0 natasha@station.com... Sender ok
rcpt to:root@station.com
250 2.1.5 root@station.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
hello
this is a test
.
250 2.0.0 o28E84R6021590 Message accepted for delivery
quit
221 2.0.0 localhost.localdomain closing connection
Connection closed by foreign host.
在你输入发件人时它会提醒你需要验证,这时你就要输入
auth login
然后输入经过加密后的natasha@station.com会出来提示信息说数据不完整,这时要输入经过加密的用户名(怎样获得加密后的内容呢?可以使用下面的方式(natasha的密码是redhat)
# echo natasha@station.com | base64
bmF0YXNoYUBzdGF0aW9uLmNvbQo=
# echo redhat | base64
cmVkaGF0Cg==),然后验证通过就可以正常发送邮件了。
二,Dovecot是一个基于安全的运行于Linux和类Linux系统的IMAP和POP3邮件服务器。它支持主流邮箱的形式:mbox 或者 Maildir。安装邮件投递代理很简单。Dovecot同时适合于大或小型的安装部署。POP / IMAP 是 MUA 从邮件服务器中读取邮件时使用的协议。其中,与 POP3 是从邮件服务器中下载邮件比起来,IMAP4 则是将邮件留在服务器端直接对邮件进行管理、操作。Dovecot 支持多种认证方式,所以在功能方面也比较符合一般的应用。
1,首先安装dovecot-1.0.7-7.el5.i386.rpm
# rpm -ivh dovecot-1.0.7-7.el5.i386.rpm
warning: dovecot-1.0.7-7.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ########################################### [100%]
1:dovecot warning: /etc/dovecot.conf created as /etc/dovecot.conf.rpmnew
########################################### [100%]
2,编辑/etc/dovecot.conf
#/etc/dovecot.conf
找到#protocols = imap imaps pop3 pop3s
改为protocols = pop3
3启动dovecot服务,
[root@mail mail]# service dovecot start
Starting Dovecot Imap: [ OK ]
并将服务加到自动启动队列,
[root@mail mail]# chkconfig dovecot on
可以查看其监听的端口110
[root@mail mail]# netstat -tunlp | grep 110
tcp 0 0 :::110 :::* LISTEN 22579/dovecot
4,给weny用户发送一封邮件
可以使用命令 mutt -f pop://wendy@mail.station.com接收
#mutt -f pop://wendy@mail.station.com
系统提示输入输入用户的密码,
Password for wendy@mail.station.com:
输入密码后可以看到下面的界面
输入密码后可以看到下面的界面
选择邮件后可以阅读
