一、模块说明
postfix是centos系统自带的邮件发送服务,本模块只实现邮件发送和SASL认证功能,目的是为了给程序提供发送注册等通知类邮件给用户的功能。
二、目录结构
三、代码展示
1、manifests目录
init.pp
class postfix{
include postfix::install,postfix::config,postfix::service
}install.pp
class postfix::install {
package { ['postfix','cyrus-sasl','cyrus-sasl-plain','cyrus-sasl-md5']:
ensure => installed,
before => User["postfix"],
}
package { 'sendmail':
ensure => absent,
}
file { '/usr/lib/sasl2':
ensure => directory,
}
file {"/home/service1":
ensure => directory,
group => service1,
owner => service1,
mode => 755,
}
user { "service1":
ensure => present,
shell => '/sbin/nologin',
home => '/home/service1',
password => '$6$mFk7ouL3$pJ1OHG1HF4nM/DKF14iPxn5UQOVoGnQcfngAnukn9.JCflW18mI10zUUVgEzDk21zLhdKTqSy0quvL1jH46qk0',
}
user { "postfix":
ensure => present,
groups => 'root',
}
Exec{ path => ['/usr/bin','/usr/sbin','/bin','/sbin'] }
exec { 'open_port_25':
command => 'iptables -I INPUT -p tcp --dport 25 -j ACCEPT',
unless => 'grep "tcp --dport 25" /etc/sysconfig/iptables 2>/dev/null',
}
exec { 'save_port_25':
command => 'service iptables save',
refreshonly => true,
subscribe => Exec['open_port_25'],
}
}config.pp
class postfix::config {
file { '/etc/postfix/main.cf':
ensure => file,
content => template("postfix/main.cf.erb"),
owner => root,
group => root,
mode => '0644',
require => Class['postfix::install'],
}
file { '/usr/lib/sasl2/smtpd.conf':
ensure => file,
content => template("postfix/smtpd.conf.erb"),
owner => root,
group => root,
mode => '0644',
require => Class['postfix::install'],
}
file { '/etc/sysconfig/saslauthd':
ensure => file,
content => template("postfix/saslauthd.erb"),
owner => root,
group => root,
mode => '0644',
require => Class['postfix::install'],
}
}
service.pp
class postfix::service {
service { 'postfix':
ensure => 'running',
enable => 'true',
hasrestart => 'true',
hasstatus => 'true',
subscribe => File['/etc/postfix/main.cf'],
}
service { 'saslauthd':
ensure => 'running',
enable => 'true',
hasrestart => 'true',
hasstatus => 'true',
subscribe => File[['/usr/lib/sasl2/smtpd.conf'],['/etc/sysconfig/saslauthd']],
}
}2、templates目录
main.cf.erb #配置文件,centos6.5默认会安装postfix2.6.6版本;根据网络环境修改mynetworks参数
alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 html_directory = no inet_interfaces = all inet_protocols = all mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname, localhost.$mydomain, localhost,$mydomain newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES sample_directory = /usr/share/doc/postfix-2.6.6/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop unknown_local_recipient_reject_code = 550 myhostname = mail.eworkpal.com mydomain = eworkpal.com myorigin = $mydomain mynetworks = 127.0.0.1,10.188.1.0/24 home_mailbox = Maildir/ smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous
saslauthd.erb
# Directory in which to place saslauthd's listening socket, pid file, and so # on. This directory must already exist. SOCKETDIR=/var/run/saslauthd # Mechanism to use when checking passwords. Run "saslauthd -v" to get a list # of which mechanism your installation was compiled with the ablity to use. MECH=shadow # Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line. # DAEMONOPTS=--user saslauth # Additional flags to pass to saslauthd on the command line. See saslauthd(8) # for the list of accepted flags. FLAGS=
smtpd.conf.erb
pwcheck_method: saslauthd
四、Foreman配置
参考前面文章,这里不需要设置参数
五、测试
1、设置DNS解析
A记录:mail.ewin.com 10.188.1.41
MX记录:mail.ewin.com
2、添加用户
[root@T-Master-41 postfix]#
3、测试sasl认证
[root@T-Master-41 postfix]#
4、测试SMTP认证
获取账号密码的加密字符串
[root@T-Master-41 postfix]# perl -e 'use MIME::Base64; print encode_base64("username01@ewin.com")'
c2VydmljZTFAZXdvcmtwYWwuY29t
[root@T-Master-41 postfix]# perl -e 'use MIME::Base64; print encode_base64("password")'
ZXdpbmluZm8=邮件发送测试
[root@T-Master-41 postfix]# telnet localhost 25 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.ewin.com ESMTP Postfix - by ewin.com ehlo mail.ewin.com 250-mail.ewin.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN mail from:username01@ewin.com 250 2.1.0 Ok rcpt to:xxxxx@qq.com #这里换成你的正常邮箱 554 5.7.1 <xxxxx@qq.com>: Relay access denied #没有登陆,提示访问拒绝 auth login 334 VXNlcm5hbWU6 c2VydmljZTFAZXdvcmtwYWwuY29t #输入用户名加密字符串 334 UGFzc3dvcmQ6 ZXdpbmluZm8= #输入密码加密字符串 235 2.7.0 Authentication successful rcpt to:xxxxx@qq.com 250 2.1.5 Ok data 354 End data with <CR><LF>.<CR><LF> subject:smtp test3 this is test mail3 .! . 250 2.0.0 Ok: queued as 9E9EC40B0F quit 221 2.0.0 Bye Connection closed by foreign host.
5、查看日志
[root@T-Master-41 postfix]# tail -n 30 /var/log/maillog Sep 19 19:13:13 T-Master-41 postfix/smtpd[26064]: connect from localhost[::1] Sep 19 19:14:45 T-Master-41 postfix/smtpd[26064]: 9E9EC40B0F: client=localhost[::1], sasl_method=login, sasl_username=username01@ewin.com Sep 19 19:15:19 T-Master-41 postfix/cleanup[26183]: 9E9EC40B0F: message-id=<20150919111445.9E9EC40B0F@mail.ewin.com> Sep 19 19:15:19 T-Master-41 postfix/qmgr[16895]: 9E9EC40B0F: from=<username01@ewin.com>, size=383, nrcpt=1 (queue active) Sep 19 19:15:22 T-Master-41 postfix/smtpd[26064]: disconnect from localhost[::1] Sep 19 19:15:24 T-Master-41 postfix/smtp[26193]: 9E9EC40B0F: to=<xxxxx@qq.com>, relay=mail.qq.com[xxx.xx.x.xxx]:25, delay=44, delays=39/0.01/4.1/0.72, dsn=2.6.0, status=sent (250 2.6.0 <20150919111445.9E9EC40B0F@mail.ewin.com> [InternalId=618792] Queued mail for delivery) Sep 19 19:15:24 T-Master-41 postfix/qmgr[16895]: 9E9EC40B0F: removed
6、查看邮箱目录
/home/username01/Maildir
