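Linux Week 11 Study Notes (1): SMTP Service, Advanced

SMTP Service Deployment: Advanced

This continues from last week's content.

I. Restricting remote clients

At the moment every virtual machine can connect remotely and use the mail-sending service, which is clearly not secure.

How to implement the restriction:

On my client machine (desktop):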

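1.cd /etc/postfix/

On the last line of the access file, add: <IP to reject> REJECT

For example: 172.25.254.50 REJECT

2.postmap access #compile the file into a lookup table (postmap indexes the file; it does not encrypt it); this generates access.db

3.postconf -d | grep client #list the default settings and filter for the client-related ones

4. postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" #write the setting to the configuration file

The setting is written at the end of /etc/postfix/main.cf.

5.Restart the service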

systemctl restart postfix.service

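Test:

On my host whose IP ends in 50:

[screenshot]

Note: with this restriction in place the client can still connect via telnet, but mail cannot be sent.

@Reverting: delete the last line of /etc/postfix/main.cf,

postmap access #recompile the table, then restart the service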

II. Blocking a user from sending mail

In the /etc/postfix/ directory:

1.vim sender

Enter: westos@lyitx.com REJECT

2.postmap sender

3.postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"

4.systemctl restart postfix.service

Test:

Test from another virtual machine:

[kiosk@foundation50 Desktop]$ telnet 172.25.254.166 25

Trying 172.25.254.166...

Connected to 172.25.254.166.

Escape character is '^]'.

220 maillyitx.lyitx.com ESMTP Postfix

mail from:westos@lyitx.com

250 2.1.0 Ok

rcpy to:root@linux.com

502 5.5.2 Error: command not recognized

rcpt to:root@linux.com

554 5.7.1 <westos@lyitx.com>: Sender address rejected: Access denied

 

 

III. Rejecting mail addressed to a user

1.vim recip  #enter the full address of the user who should be refused incoming mail

westos@lyitx.com        REJECT

2.postmap recip #compile the table

3.postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"

4. systemctl restart postfix.service

Test:

On the .50 host:

[kiosk@foundation50 Desktop]$ telnet 172.25.254.166 25

[screenshot]

The settings from the steps above can be seen at the end of /etc/postfix/main.cf:

readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip

@@To avoid interfering with the later experiments, revert the changes here.

Method:

Delete the last two lines of /etc/postfix/main.cf,

then restart the service.
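The three restrictions above only take effect after postmap has been run on the edited file, because Postfix reads access.db, sender.db and recip.db rather than the text files. The following is an added example (not part of the original notes) that lists every hash: table referenced in a main.cf and reports any whose .db file is missing or older than its source; the function name stale_maps and the temporary demo paths are assumptions.

```shell
#!/bin/sh
# Added example: find hash: tables in a Postfix main.cf whose compiled .db
# is missing or older than the text source.
# Usage: stale_maps /etc/postfix/main.cf
stale_maps() {
    main_cf=$1
    # Pull every hash:/path reference out of the non-comment lines.
    grep -v '^[[:space:]]*#' "$main_cf" |
    grep -o 'hash:[^[:space:],]*' |
    sort -u |
    while IFS= read -r ref; do
        src=${ref#hash:}
        if [ ! -f "$src" ]; then
            echo "MISSING-SOURCE $src"
        elif [ ! -f "$src.db" ]; then
            echo "MISSING-DB $src (run: postmap $src)"
        elif [ "$src" -nt "$src.db" ]; then
            echo "STALE-DB $src (edited after the last postmap)"
        else
            echo "OK $src"
        fi
    done
}

demo() {
    d=$(mktemp -d)
    # Constructed sample: the three tables from these notes, relocated to $d.
    cat > "$d/main.cf" <<EOF
smtpd_client_restrictions = check_client_access hash:$d/access
smtpd_sender_restrictions = check_sender_access hash:$d/sender
smtpd_recipient_restrictions = check_recipient_access hash:$d/recip
EOF
    echo '172.25.254.50 REJECT' > "$d/access"
    echo 'westos@lyitx.com REJECT' > "$d/sender"
    echo 'westos@lyitx.com REJECT' > "$d/recip"
    touch -t 202001010000 "$d/access" "$d/sender"
    touch -t 202001020000 "$d/access.db"   # compiled after the edit
    touch -t 201912310000 "$d/sender.db"   # source edited after postmap
    stale_maps "$d/main.cf"                # recip has no .db at all
    rm -rf "$d"
}
demo
```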

 

IV. Dovecot

On the desktop host (172.25.254.166):

1.yum install dovecot -y

2.vim /etc/dovecot/dovecot.conf

Uncomment line 24:

24 protocols = imap pop3 lmtp

49 disable_plaintext_auth = no

50 login_trusted_networks = 0.0.0.0/0 #allow logins from external networks

3.cd /etc/dovecot/conf.d/

vim 10-mail.conf

Add the following:

Line 30: mail_location = mbox:~/mail:INBOX=/var/mail/%u

4.systemctl start dovecot

@The purpose of the steps above is to open the ports.

5.su - westos ####for users that already exist, the files must be created by hand

6.mkdir -p /home/westos/mail/.imap

7.touch /home/westos/mail/.imap/INBOX

8.su - root

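There is a once-and-for-all way to do this:

As the superuser:

cd /etc/skel/

mkdir -p mail/.imap

touch mail/.imap/INBOX

(With this in place, the system creates the directory automatically for every newly created user.)

Finally, restart the service: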

systemctl restart dovecot.service

Test:

Test from another host:

1.yum install mutt -y

2.mutt -f imap://westos@172.25.254.166

[screenshot]

After entering the password at the prompt, the westos user's mail is displayed.

[root@foundation50 Desktop]# telnet 172.25.254.166 110

Trying 172.25.254.166...

Connected to 172.25.254.166.

Escape character is '^]'.

+OK [XCLIENT] Dovecot ready.

user westos

+OK

pass redhat

+OK Logged in.

The operation succeeded.

V. Receiving mail with Thunderbird

Open Thunderbird.

[screenshots]

Mail can now be received in the client.

 

####Receiving mail for virtual users stored in a database###

1.Install the database

yum install mysql-server -y

systemctl start mariadb

vim /etc/my.cnf

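Change the configuration file to:

symbolic-links=1

systemctl restart mariadb

mysql_secure_installation #secure initialization: set the root password, then keep pressing the space bar for the remaining prompts

2.Install phpMyAdmin to manage the database from a web page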

yum install httpd -y

systemctl start httpd

mv phpMyAdmin-3.4.0-all-languages.tar.bz2 /var/www/html/

cd /var/www/html/

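tar -jxf phpMyAdmin-3.4.0-all-languages.tar.bz2  ##extract the archive

mv phpMyAdmin-3.4.0-all-languages myadmin   ##rename it to something simpler

systemctl stop firewalld.service ##turn off the firewall

yum install php -y ##install PHP; without a PHP environment the page cannot be displayed

systemctl restart httpd.service ##httpd must be restarted after the installation

cd myadmin/

cp -p config.sample.inc.php config.inc.php ##copy the template to create the real configuration file

vim config.inc.php  ##add the following to the file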

$cfg['blowfish_secret'] = 'westos'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

yum install php-mysql.x86_64 -y ##connect PHP to the database

systemctl restart httpd.service

In a browser, enter: <IP address of the server where the database is installed>/myadmin

[screenshot]

Create a database named email, then create a table named muser with the number of columns set to 4.

The detailed settings are as follows:

[screenshots]

Then create a new user in the local database:

MariaDB [(none)]> select * from email.muser;

+-----------------+----------+-----------+------------------+

| username        | password | domain    | maildir          |

+-----------------+----------+-----------+------------------+

| admin@lyitx.org | 123      | lyitx.org | lyitx.org/admin/ |

+-----------------+----------+-----------+------------------+

1 row in set (0.00 sec)

 

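Create the user: CREATE USER postfix@localhost IDENTIFIED BY 'postfix';

Then grant privileges (as shown in the figure):

GRANT INSERT,UPDATE,SELECT ON email.* TO postfix@localhost;

Then exit.

3.Writing the files:

On the host where the database is installed:

cd /etc/postfix/

vim mysql-users.cf

Write the following by hand: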

hosts = localhost

user = postfix

password = postfix

dbname = email

table = muser

select_field = username

where_field = username

Save and exit.

 

vim mysql-domain.cf

Write:

hosts = localhost

user = postfix

password = postfix

dbname = email

table = muser

select_field = domain

where_field = domain

 

vim mysql-maildir.cf

hosts = localhost

user = postfix

password = postfix

dbname = email

table = muser

select_field = maildir

where_field = username

[screenshot]

Then run postmap on these three files:

[screenshot]

Correction: the content shown in the figure should be

lyitx.org/admin/

4.Create the vmail user

groupadd -g 666 vmail

useradd -g 666 -u 666 -s /sbin/nologin vmail

Detail: none of the parameters may be omitted. If something goes wrong and the user has to be recreated, run:

userdel -r vmail

5.Write the settings to the configuration file

[screenshot]

The written settings can be seen at the end of /etc/postfix/main.cf:

virtual_gid_maps = static:666

virtual_uid_maps = static:666

virtual_mailbox_base = /home/vmail

virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf

virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf

 

6.Restart the postfix service

systemctl restart postfix.service

Test: from the current host, send mail to the user admin@lyitx.org.

If the mail appears in the /home/vmail/lyitx.org/admin/new directory, the setup works!

 

[root@maillyitx new]# pwd

/home/vmail/lyitx.org/admin/new

[root@maillyitx new]# ls

1481167802.Vfd01I280a514M732414.maillyitx.lyitx.com

1481167902.Vfd01I280a515M599277.maillyitx.lyitx.com

1481167977.Vfd01I280a516M115286.maillyitx.lyitx.com

1481185764.Vfd01I280a51eM96871.maillyitx.lyitx.com

[root@maillyitx new]#

 

Dovecot & database

cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/

cd /etc/dovecot

vim dovecot-sql.conf.ext

 32 driver = mysql

71 connect = host=localhost dbname=email user=postfix password=postfix

 78 default_pass_scheme = PLAIN

107 password_query = \

108   SELECT username, domain, password \

109   FROM muser WHERE username = '%u' AND domain = '%d'

125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM muser WHERE username = '%u'

 

vim /etc/dovecot/conf.d/10-mail.conf

30 mail_location = maildir:/home/vmail/%d/%n

168 first_valid_uid = 666

175 first_valid_gid = 666

Finally, restart the service:

systemctl restart dovecot

From another host, if you can connect with telnet, the experiment succeeded.
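Three Dovecot settings used in these notes weaken authentication: disable_plaintext_auth = no and login_trusted_networks = 0.0.0.0/0 in dovecot.conf (Dovecot ignores disable_plaintext_auth for trusted networks, and the telnet test above sends the password in clear text), and default_pass_scheme = PLAIN in dovecot-sql.conf.ext, which matches the unhashed password column in muser. The following is an added example (not part of the original notes) that flags these values in one or more config files; the function name audit_dovecot is an assumption and the sample input is constructed from the values above.

```shell
#!/bin/sh
# Added example: flag the Dovecot settings from these notes that weaken
# authentication. Pass config files as arguments, or feed text on stdin.
audit_dovecot() {
    # Strip comments and leading whitespace, then split each "key = value".
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$@" |
    awk -F'=' '
        { key = $1; val = $0; sub(/^[^=]*=/, "", val)
          gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
        key == "disable_plaintext_auth" && val == "no" {
            print "WEAK disable_plaintext_auth=no: passwords may cross the network unencrypted"
        }
        key == "login_trusted_networks" && val ~ /(^|[ \t])(0\.0\.0\.0\/0|::\/0)([ \t]|$)/ {
            print "WEAK login_trusted_networks=" val ": every client is treated as trusted"
        }
        key == "default_pass_scheme" && toupper(val) ~ /^(PLAIN|CLEAR|CLEARTEXT)$/ {
            print "WEAK default_pass_scheme=" val ": passwords are stored unhashed"
        }
    '
}

# Constructed sample using the values set in these notes; prints three findings.
audit_dovecot <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = no
login_trusted_networks = 0.0.0.0/0 # allow external logins
default_pass_scheme = PLAIN
EOF
```

On a real host, run it as audit_dovecot /etc/dovecot/dovecot.conf /etc/dovecot/dovecot-sql.conf.ext. A hashed value for the password column can be generated with doveadm pw -s SHA512-CRYPT.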
