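MTA: mail transfer agent; SMTPD (the SMTP server)
sendmail (runs on more than 50% of mail servers), UUCP
sendmail is rather old and monolithic: a single process implements every function. 1-2M
Running some of its programs relies on SUID.
Its configuration file syntax (written in m4) is complex and hard to understand; there are substitute files, but they are not easy to understand or use either.
qmail (its author is a mathematician): less than 1M in size and roughly 20 times as fast as sendmail. The author no longer maintains it (maintenance by fans has not gone well), so it has gone steadily downhill and is rarely heard of now. Some commercial systems use it because its performance is so good; a PC can send more than 20 messages per second.
postfix: one of the "three musketeers" of mail servers, a newcomer, with a modular design that avoids SUID. Its author is a security expert at IBM, and mail-server security thinking was built into it from the start. It is highly compatible with sendmail, and some sendmail configuration files can be used directly. Its delivery efficiency is about 4 times that of sendmail, and new mail systems generally use postfix. 1-2M
exim: from the University of Cambridge in the UK (there are two, one is exim and the other is zen); also an MTA, with simple configuration syntax and easy to use.
Exchange (on the Windows platform; an asynchronous messaging collaboration platform): it can also share calendars, must be integrated with LDAP and Windows AD (Active Directory), is very heavyweight at about several GB, provides a graphical interface, and provides POP3, IMAP and other services.
We will only study postfix.
SASL: mailbox authentication; version 1 and version 2 (v2 is used more)
saslauthd
Provided by the cyrus-sasl software
courier (provided by a Russian-American) (includes an MTA, MDA and MRA (probably an MUA too))
Its MTA is not as good as postfix,
so postfix is usually used as the MTA, with courier-authlib authenticating against MySQL or LDAP, because its authentication mechanisms are more powerful and more flexible to configure than those of cyrus-sasl; it is itself a library.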
[root@localhost ~]# yum list all | grep sasl
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
file:///media/cdrom/Server/repodata/repomd.xml: [Errno 5] OSError: [Errno 2] 没有那个文件或目录: '/media/cdrom/Server/repodata/repomd.xml'
Trying other mirror.
cyrus-sasl.i386 (server side) 2.1.22-7.el5_8.1 installed
cyrus-sasl-devel.i386 2.1.22-7.el5_8.1 installed
cyrus-sasl-lib.i386 2.1.22-7.el5_8.1 installed
cyrus-sasl-plain.i386 (authentication mechanism) 2.1.22-7.el5_8.1 installed
cyrus-sasl-gssapi.i386 (authentication mechanism) 2.1.22-7.el5_8.1 rhel-debuginfo
cyrus-sasl-ldap.i386 (authentication mechanism) 2.1.22-7.el5_8.1 rhel-debuginfo
cyrus-sasl-md5.i386 (authentication mechanism) 2.1.22-7.el5_8.1 rhel-debuginfo
cyrus-sasl-ntlm.i386 (apparently also an authentication mechanism) 2.1.22-7.el5_8.1 rhel-debuginfo
cyrus-sasl-sql.i386 (authentication mechanism) (complex to configure; relies on another mechanism, the courier component provided by a Russian-American) 2.1.22-7.el5_8.1 rhel-debuginfo
gnu-crypto-sasl-jdk1.4.i386 2.1.0-2jpp.1 rhel-debuginfo
[root@localhost ~]#
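SASL is only an authentication framework, an authentication platform; it does not itself implement authentication.
It is like building walls around a room, adding a door, putting a lock on the door, getting a guard dog, and so on.
MDA: mail delivery agent. Most mail servers, postfix for example, already integrate a delivery agent by default, but the delivery agent is a separate piece of software; SMTP itself has no mailbox-service capability.
procmail (the delivery program used by sendmail)
maildrop (dedicated to acting as a mail delivery agent; it is really just a component; it can filter spam during delivery by extracting message signatures) (its language is m4, hard to understand). We may provide maildrop specifically for postfix to handle mail delivery.
postfix ships with two kinds of mail delivery:
1) delivery for local users
2) delivery for virtual users
MRA: (pop3, imap4)
cyrus-imap: Cyrus-IMAP acts as a POP3/IMAP4 server; like Dovecot, Cyrus-IMAP can provide POP and IMAP services
dovecot (a dovecote, a pigeon house): Dovecot is an open-source IMAP and POP3 mail server
MUA:
Outlook Express (the light edition), Outlook (installed together with Office, the professional edition)
Foxmail (acquired by Tencent)
Thunderbird (on Linux)
Evolution (on Linux)
mutt (a plain-text interface on Linux, professional grade)
Webmail: a mailbox service program installed on a web server; it must be configured with where to find the mail server.
Openwebmail (developed in Taiwan): works together with sendmail; written in Perl
squirrelmail (ships with Red Hat): written in PHP
Extmail (from China) (Extman ("man" means manager) is the management interface): already commercialized, and the open-source version is updated slowly. There is a CentOS-based OS that already integrates extmail and extman, hence the name EMOS. Also written in Perl(?); its interface resembles that of 126 mail. Its open-source version is still usable.
Sending server: Postfix + SASL (authentication program) (courier-authlib) (MySQL-based authentication) + MySQL (implements virtual users and looks up virtual user accounts)
Receiving server: Dovecot (can do authentication itself) + MySQL (implements virtual users and looks up virtual user accounts)
WebMail: Extmail + Extman + httpd
postfix: the rpm package (provided by Red Hat; it does not support SASL authentication for virtual users, so the rpm shipped with the system does not meet our needs)
So compile and install postfix ourselves.
smtpd listens on port 25. As shown below, sendmail already holds port 25 (on Red Hat 6 the default is postfix).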
[root@www ~]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3819/./hpiod
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 3832/php-fpm
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3427/portmap
tcp 0 0 0.0.0.0:691 0.0.0.0:* LISTEN 3477/rpc.statd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 3853/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3867/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 4012/sendmail
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3824/python
tcp 0 0 :::3306 :::* LISTEN 4091/mysqld
tcp 0 0 :::80 :::* LISTEN 4095/httpd
tcp 0 0 :::22 :::* LISTEN 3853/sshd
[root@www ~]#
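Generally, a mail server is installed and started automatically once the system is installed, because many automated tasks on the system need a mail server to send notifications and execution results to the administrator.
Here we are not using sendmail: stop it, uninstall it, or disable it and rename it.
Stop the service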
[root@www ~]# service sendmail stop
关闭 sm-client: [确定]
关闭 sendmail: [确定]
[root@www ~]#
Disable the service
[root@www ~]# chkconfig sendmail off
[root@www ~]#
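If it is not uninstalled and not renamed, installing postfix at this point will overwrite it
Uninstall sendmail
[root@www ~]# rpm -e sendmail # not run at this point
sendmail has several components; according to the listing below, only one is installed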
[root@www ~]# yum list all | grep sendmail
sendmail.i386 8.13.8-8.1.el5_7 installed
sendmail-cf.i386 8.13.8-8.1.el5_7 Cdrom_Base
sendmail-devel.i386 8.13.8-8.1.el5_7 Cdrom_Base
sendmail-doc.i386 8.13.8-8.1.el5_7 Cdrom_Base
[root@www ~]#
Uninstall sendmail
[root@www ~]# rpm -e sendmail
error: Failed dependencies:
/usr/sbin/sendmail is needed by (installed) redhat-lsb-4.0-2.1.4.el5.i386
smtpdaemon is needed by (installed) mdadm-2.6.9-5.el5.i386
smtpdaemon is needed by (installed) fetchmail-6.3.6-4.el5.i386
smtpdaemon is needed by (installed) mutt-1.4.2.2-6.el5.i386
[root@www ~]#
Ignore the dependencies and uninstall directly
[root@www ~]# rpm -e sendmail --nodeps
warning: /var/log/mail/statistics saved as /var/log/mail/statistics.rpmsave
[root@www ~]#
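MySQL must be installed first so that the compiled postfix can do MySQL-based authentication
Most important is that MySQL's header files and library files are available (that is, its development environment)
As shown below, MySQL is already installed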
[root@www ~]# ls /usr/local/
apache bin include mysql php src
apr etc lib mysql-5.5.28-linux2.6-i686 sbin
apr-util games libexec mysql-5.6.10-linux-glibc2.5-i686 share
[root@www ~]#
http://www.postfix.org/download.html
http://mirror.postfix.jp/postfix-release/index.html
Download postfix-2.10.10.tar.gz to the Linux host and put it in the home directory
Extract it
[root@www ~]# tar xf postfix-2.10.10.tar.gz
[root@www ~]# cd postfix-2.10.10
[root@www postfix-2.10.10]#
[root@www postfix-2.10.10]# ls
AAAREADME makedefs RELEASE_NOTES-2.2
auxiliary Makefile RELEASE_NOTES-2.3
bin Makefile.in RELEASE_NOTES-2.4
COMPATIBILITY Makefile.init RELEASE_NOTES-2.5
conf man RELEASE_NOTES-2.6
COPYRIGHT mantools RELEASE_NOTES-2.7
examples pflogsumm_quickfix.txt RELEASE_NOTES-2.8
HISTORY PORTING RELEASE_NOTES-2.9
html postfix-install src
implementation-notes proto TLS_ACKNOWLEDGEMENTS
include README_FILES TLS_CHANGES
INSTALL RELEASE_NOTES TLS_LICENSE
IPv6-ChangeLog RELEASE_NOTES-1.0 TLS_TODO
lib RELEASE_NOTES-1.1 US_PATENT_6321267
libexec RELEASE_NOTES-2.0
LICENSE RELEASE_NOTES-2.1
[root@www postfix-2.10.10]#
There is no configure script, so it cannot be installed the configure, make, make install way
[root@www postfix-2.10.10]# less INSTALL
Postfix Installation From Source Code
-------------------------------------------------------------------------------
1 - Purpose of this document
If you are using a pre-compiled version of Postfix, you should start with
BASIC_CONFIGURATION_README and the general documentation referenced by it.
INSTALL is only a bootstrap document to get Postfix up and running from scratch
with the minimal number of steps; it should not be considered part of the
general documentation.
This document describes how to build, install and configure a Postfix system so
that it can do one of the following:
* Send mail only, without changing an existing Sendmail installation.
* Send and receive mail via a virtual host interface, still without any
change to an existing Sendmail installation.
* Run Postfix instead of Sendmail.
Topics covered in this document:
1. Purpose of this document
INSTALL
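Generally, create an ordinary user here with an ID greater than 1000; Ma Ge (the instructor) used ID 2525 here
postdrop is mainly used to deliver mail
The postdrop group is the one used most
CCARGS specifies C compiler options: where to find which system header files
-DHAS_MYSQL enables support for the MySQL driver
-DUSE_SASL_AUTH enables SASL authentication; the header files are in /usr/include/sasl
-DUSE_TLS makes our smtp support the smtps protocol
AUXLIBS gives the auxiliary library paths: it tells the build where to find the additional library files
/usr/lib/mysql holds the MySQL library files
-lmysqlclient is the MySQL client library
-lz is the compression library
-lm is the module library
-lssl is the SSL library
-lsasl2 is the SASL2 library
-lcrypto is the cryptography library
Depending on someone else's program essentially comes down to two things: library files and header files
The protocols are
smtps
pop3s
imaps
These protocols all work on top of (SSL?); the underlying protocols are plaintext and insecure,
smtp-->SMTPS (its working mechanism is not very practical)
pop3s is more practical
It is complicated to install; it is placed directly under the root, which makes it easier to work with scripts and with other systems. It may use
/usr/bin /usr/sbin /bin /sbin, so the installation may be scattered
Uninstalling is troublesome,
The UID and GID must be kept identical and, as far as possible, greater than 1000
(-M does not create a home directory; -s /sbin/nologin prevents the account from logging in)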
[root@www postfix-2.10.10]# groupadd -g 2525 postfix
[root@www postfix-2.10.10]# useradd -g 2525 -u 2525 -M -s /sbin/nologin postfix
[root@www postfix-2.10.10]# groupadd -g 2526 postdrop
[root@www postfix-2.10.10]# useradd -g 2526 -u 2526 -M -s /sbin/nologin postdrop
[root@www postfix-2.10.10]#
Verify
[root@www postfix-2.10.10]# id postfix
uid=2525(postfix) gid=2525(postfix) groups=2525(postfix)
[root@www postfix-2.10.10]# id postdrop
uid=2526(postdrop) gid=2526(postdrop) groups=2526(postdrop)
[root@www postfix-2.10.10]#
MySQL installed from source or from the generic binary, the most robust approach:
Header file path: /usr/local/mysql/include
Library file path: /usr/local/mysql/lib
Look at the sasl2 libraries
[root@www postfix-2.10.10]# yum list all | grep sasl
file:///media/cdrom/Server/repodata/repomd.xml: [Errno 5] OSError: [Errno 2] 没有那个文件或目录: '/media/cdrom/Server/repodata/repomd.xml'
Trying other mirror.
cyrus-sasl.i386 2.1.22-7.el5_8.1 installed
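cyrus-sasl-devel.i386 2.1.22-7.el5_8.1 installed (make sure it is installed; it is usually installed by default)
cyrus-sasl-lib.i386 2.1.22-7.el5_8.1 installed
cyrus-sasl-plain.i386 2.1.22-7.el5_8.1 installed (make sure it is installed; it is usually installed by default)
# (the following ones are generally not needed; ignore them)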
cyrus-sasl-gssapi.i386 2.1.22-7.el5_8.1 Cdrom_Base
cyrus-sasl-ldap.i386 2.1.22-7.el5_8.1 Cdrom_Base
cyrus-sasl-md5.i386 2.1.22-7.el5_8.1 Cdrom_Base
cyrus-sasl-ntlm.i386 2.1.22-7.el5_8.1 Cdrom_Base
cyrus-sasl-sql.i386 2.1.22-7.el5_8.1 Cdrom_Base
gnu-crypto-sasl-jdk1.4.i386 2.1.0-2jpp.1 Cdrom_Base
[root@www postfix-2.10.10]#
[root@www postfix-2.10.10]# rpm -ql cyrus-sasl-devel
[root@www postfix-2.10.10]# cd /usr/lib/sasl2/
[root@www sasl2]# ls
libanonymous.la liblogin.so.2 libsasldb.la
libanonymous.so liblogin.so.2.0.22 libsasldb.so
libanonymous.so.2 libplain.la libsasldb.so.2
libanonymous.so.2.0.22 libplain.so libsasldb.so.2.0.22
liblogin.la libplain.so.2
liblogin.so libplain.so.2.0.22
[root@www sasl2]#
[root@www sasl2]# ll
总计 1016
-rwxr-xr-x 1 root root 884 2012-08-21 libanonymous.la
lrwxrwxrwx 1 root root 22 2018-11-10 libanonymous.so -> libanonymous.so.2.0.22
lrwxrwxrwx 1 root root 22 2018-11-10 libanonymous.so.2 -> libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 14404 2012-08-21 libanonymous.so.2.0.22
-rwxr-xr-x 1 root root 856 2012-08-21 liblogin.la
lrwxrwxrwx 1 root root 18 2018-11-10 liblogin.so -> liblogin.so.2.0.22
lrwxrwxrwx 1 root root 18 2018-11-10 liblogin.so.2 -> liblogin.so.2.0.22
-rwxr-xr-x 1 root root 14784 2012-08-21 liblogin.so.2.0.22
-rwxr-xr-x 1 root root 856 2012-08-21 libplain.la
lrwxrwxrwx 1 root root 18 2018-11-10 libplain.so -> libplain.so.2.0.22
lrwxrwxrwx 1 root root 18 2018-11-10 libplain.so.2 -> libplain.so.2.0.22
-rwxr-xr-x 1 root root 14880 2012-08-21 libplain.so.2.0.22
-rwxr-xr-x 1 root root 930 2012-08-21 libsasldb.la
lrwxrwxrwx 1 root root 19 2018-11-10 libsasldb.so -> libsasldb.so.2.0.22
lrwxrwxrwx 1 root root 19 2018-11-10 libsasldb.so.2 -> libsasldb.so.2.0.22
-rwxr-xr-x 1 root root 905200 2012-08-21 libsasldb.so.2.0.22
[root@www sasl2]#
sasl2 was not compiled; we use the system rpm package. Only MySQL is custom-built, so only the MySQL paths need to be adjusted; nothing else needs changing
[root@www postfix-2.10.10]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl -DUSE_TLS ' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/lib/sasl2 -lsasl2 -lssl -lcrypto'
http://www.postfix.org/documentation.html (help documentation, manual)
[root@www postfix-2.10.10]# make
.....................
[root@www postfix-2.10.10]# make install
.....................
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/]
Please specify a directory for scratch files while installing Post
must have write permission in this directory.
tempdir: [/root/postfix-2.10.10] /tmp
Please specify the final destination directory for installed Postf
configuration files.
config_directory: [/etc/postfix]
Please specify the final destination directory for installed Postf
administrative commands. This directory should be in the command s
path of adminstrative users.
command_directory: [/usr/sbin]
Please specify the final destination directory for installed Postf
daemon programs. This directory should not be in the command searc
of any users.
daemon_directory: [/usr/libexec/postfix]
Please specify the final destination directory for Postfix-writabl
data files such as caches or random numbers. This directory should
be shared with non-Postfix software.
data_directory: [/var/lib/postfix]
Please specify the final destination directory for the Postfix HTML
files. Specify "no" if you do not want to install these files.
html_directory: [no]
Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix]
Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]
Please specify the final destination directory for the Postfix on-line
manual pages. You can no longer specify "no" here.
manpage_directory: [/usr/local/man]
Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]
Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]
Please specify the final destination directory for the Postfix README
files. Specify "no" if you do not want to install these files.
readme_directory: [no]
Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]
Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify "no" here.
setgid_group: [postdrop]
....................
That completes the installation
Now start the service
cd with no argument goes to the home directory
[root@www postfix-2.10.10]# cd
Start the service
[root@www ~]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@www ~]#
[root@www ~]# netstat -tnlp # seeing 0.0.0.0:25 shows that postfix started successfully
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 4691/./hpiod
tcp 0 0 127.0.0.1:9000 0.0.0.0:* LISTEN 4704/php-fpm
tcp 0 0 0.0.0.0:713 0.0.0.0:* LISTEN 4347/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 4288/portmap
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4725/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3422/cupsd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 11845/master
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 4696/python
tcp 0 0 :::3306 :::* LISTEN 4919/mysqld
tcp 0 0 :::80 :::* LISTEN 4922/httpd
tcp 0 0 :::22 :::* LISTEN 4725/sshd
[root@www ~]#
[root@www ~]# tail /var/log/maillog
Apr 24 14:03:10 www postfix/postfix-script[11843]: starting the Postfix mail system
Apr 24 14:03:10 www postfix/master[11845]: daemon started -- version 2.10.10, configuration /etc/postfix
[root@www ~]#
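Postfix configuration files:
postfix is modular
Core module (core process) master: the core configuration file (controls the other processes that are started) (the master process's configuration file) /etc/postfix/master.cf
The various child processes (helper processes), the configuration file for the other processes, mail: /etc/postfix/main.cf (the configuration file for everything else in the mail service that actually implements mail functionality)
parameter = value (may wrap onto another line)
(A parameter must start in the first column, at the very beginning of the line; a line that begins with whitespace is treated as a continuation of the previous line, and no continuation character is needed)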
[root@www ~]# cd /etc/postfix/
[root@www postfix]#
[root@www postfix]# cat master.cf
[root@www postfix]# less master.cf
[root@www postfix]# less main.cf # (the configuration of each module is here)
Count the lines
[root@www postfix]# wc -l main.cf
657 main.cf
[root@www postfix]#
[root@www postfix]# vim main.cf
The postconf command
[root@www postfix]# postconf -h (presumably the same as --help)
[root@www postfix]# man postconf
[root@www postfix]# postconf -d # -d (default) shows postfix's default configuration
[root@www postfix]# postconf -n # -n (new) the new configuration we changed ourselves
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
[root@www postfix]#
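postconf: configures postfix
-d: show the default configuration (default)
-n: show the modified configuration (new)
-m: show the supported lookup table types
-A: show the supported SASL client plug-in types (which client-side SASL authentication features are supported)
-e PARAMETER=VALUE: change a parameter's setting and save it to the main.cf file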
[root@www postfix]# man postconf
[root@www postfix]# postconf -m # where to look up user accounts and passwords, users' mailbox lists, and so on
btree
cidr
environ
fail
hash
internal
memcache
mysql
nis
pcre
proxy
regexp
socketmap
static
tcp
texthash
unix
[root@www postfix]#
[root@www ~]# postconf -A
cyrus
[root@www ~]#
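In the figure below, before steps 1, 2, 3 and 4 there is actually also the TCP three-way handshake
Mail service status codes:
1xx: purely informational
2xx: success
3xx (redirection in HTTP) (for the mail service it means message processing is not yet complete and further action is needed)
4xx (client error in HTTP) (for the mail service, a temporary error)
5xx (server error in HTTP) (for the mail service, a permanent error)
SMTP protocol commands (primitives):
helo (SMTP protocol) (note: one "l" fewer than "hello")
ehlo (ESMTP protocol)
mail from: (no spaces before or after "mail from:") indicates who the sender is
rcpt to: (rcpt is "receive accept"?) indicates who the recipient is
alias: mail alias
abc@magedu.com: postmaster@magedu.com
(it looks like abc's address, but the mail is actually sent to the postmaster address; that is a mail alias)
postfix relies on these mail aliases to check whether a mail user actually exists
/etc/aliases defines the aliases, but postfix cannot use it directly because searching the file is too slow,
so it is hashed --> /etc/aliases.db
# the newaliases command hashes /etc/aliases into /etc/aliases.db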
[root@www ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.a.org ESMTP Postfix
helo
501 Syntax: HELO hostname
helo localhost
250 www.a.org
ehlo localhost
250-www.a.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: root (the sender; presumably anything can be filled in)
250 2.1.0 Ok
mail from: obama@whitehouse.com
503 5.5.1 Error: nested MAIL command
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@www ~]#
[root@www ~]# useradd openstack (create another user)
[root@www ~]# useradd hadoop
useradd:用户 hadoop 已存在
[root@www ~]# useradd tomcat
[root@www ~]#
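The domain has an MX record, an A record and a PTR record
(The A record must have a PTR; without a PTR the host is considered a spam mail server,)
(and Google, Yahoo and 126 will no longer accept your mail) (so a mail server must be reverse-resolvable)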
[root@www ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.a.org ESMTP Postfix
helo localhost
250 www.a.org
mail from: root
250 2.1.0 Ok
mail to:openstack
503 5.5.1 Error: nested MAIL command
rcpt to:openstack
451 4.3.0 <openstack>: Temporary lookup failure (this error may mean the user does not exist, or the user has no password (is that right?), or a similar error)
[root@www ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.a.org ESMTP Postfix
helo
501 Syntax: HELO hostname
helo localhost
250 www.a.org
mail from: root
250 2.1.0 Ok
rcpt to: openstack
451 4.3.0 <openstack>: Temporary lookup failure
data
554 5.5.1 Error: no valid recipients
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@www ~]#
[root@www ~]# tail /var/log/maillog
Apr 30 14:19:25 www postfix/smtpd[15263]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory
Apr 30 14:19:25 www postfix/smtpd[15263]: warning: hash:/etc/aliases lookup error for "openstack@www.a.org"
Apr 30 14:19:25 www postfix/smtpd[15263]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 <openstack>: Temporary lookup failure; from=<root> to=<openstack> proto=SMTP helo=<localhost>
Apr 30 14:24:25 www postfix/smtpd[15263]: timeout after RCPT from localhost.localdomain[127.0.0.1]
Apr 30 14:24:25 www postfix/smtpd[15263]: disconnect from localhost.localdomain[127.0.0.1]
Apr 30 14:25:16 www postfix/smtpd[15263]: connect from localhost.localdomain[127.0.0.1]
Apr 30 14:25:54 www postfix/smtpd[15263]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory
Apr 30 14:25:54 www postfix/smtpd[15263]: warning: hash:/etc/aliases lookup error for "openstack@www.a.org"
Apr 30 14:25:54 www postfix/smtpd[15263]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 <openstack>: Temporary lookup failure; from=<root> to=<openstack> proto=SMTP helo=<localhost>
Apr 30 14:29:28 www postfix/smtpd[15263]: disconnect from localhost.localdomain[127.0.0.1]
[root@www ~]#
[root@www ~]# newaliases
[root@www ~]#
[root@www ~]# ls /etc | grep alias
aliases
aliases.db
[root@www ~]#
[root@www ~]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
[root@www ~]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@www ~]#
[root@www ~]# tail /var/log/maillog
Apr 30 14:24:25 www postfix/smtpd[15263]: disconnect from localhost.localdomain[127.0.0.1]
Apr 30 14:25:16 www postfix/smtpd[15263]: connect from localhost.localdomain[127.0.0.1]
Apr 30 14:25:54 www postfix/smtpd[15263]: warning: hash:/etc/aliases is unavailable. open database /etc/aliases.db: No such file or directory
Apr 30 14:25:54 www postfix/smtpd[15263]: warning: hash:/etc/aliases lookup error for "openstack@www.a.org"
Apr 30 14:25:54 www postfix/smtpd[15263]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 451 4.3.0 <openstack>: Temporary lookup failure; from=<root> to=<openstack> proto=SMTP helo=<localhost>
Apr 30 14:29:28 www postfix/smtpd[15263]: disconnect from localhost.localdomain[127.0.0.1]
Apr 30 14:52:25 www postfix/postfix-script[15466]: stopping the Postfix mail system
Apr 30 14:52:25 www postfix/master[11845]: terminating on signal 15
Apr 30 14:52:30 www postfix/postfix-script[15537]: starting the Postfix mail system
Apr 30 14:52:30 www postfix/master[15539]: daemon started -- version 2.10.10, configuration /etc/postfix
[root@www ~]#
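The 451 above came from a hash: table whose .db file had never been built. The following check is an added example, not part of the original post: it scans a main.cf for hash: tables and reports a missing or out-of-date .db file. The temporary directory, the sample main.cf and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): find hash: tables named in a
# Postfix main.cf whose compiled .db file is missing or older than its source.

# list_hash_maps MAIN_CF: print the source path of every hash:/path table.
# Splitting on blanks and commas also covers values that continue on
# whitespace-indented lines.
list_hash_maps() {
    grep -v '^[[:space:]]*#' "$1" \
        | tr -s ' ,\t' '\n\n\n' \
        | sed -n 's|^.*hash:\(/.*\)$|\1|p' \
        | sort -u
}

# check_hash_maps MAIN_CF: print "STATE path" for each table. STATE is
#   MISSING  no .db file (smtpd then answers 451, as in the session above)
#   STALE    source edited after the .db was built (lookups use old data)
#   OK       .db exists and is at least as new as the source
check_hash_maps() {
    list_hash_maps "$1" | while read -r src; do
        if [ ! -f "$src.db" ]; then
            echo "MISSING $src"
        elif [ "$src" -nt "$src.db" ]; then
            echo "STALE $src"
        else
            echo "OK $src"
        fi
    done
}

# Constructed demo: a throwaway directory stands in for /etc.
demo_hash_maps() {
    d=$(mktemp -d) || return 1
    touch "$d/aliases"                        # source exists, never hashed
    touch -t 202004301400 "$d/virtual.db"     # built at 14:00 ...
    touch -t 202004301500 "$d/virtual"        # ... source edited at 15:00
    touch -t 202004301400 "$d/transport"
    touch -t 202004301500 "$d/transport.db"   # rebuilt after the last edit
    cat > "$d/main.cf" <<EOF
# constructed main.cf fragment
alias_maps = hash:$d/aliases
alias_database = hash:$d/aliases
virtual_alias_maps =
    hash:$d/virtual
transport_maps = hash:$d/transport
EOF
    check_hash_maps "$d/main.cf"
    rm -rf "$d"
}

demo_hash_maps
```

On a real host, run check_hash_maps /etc/postfix/main.cf; rebuild a MISSING or STALE alias table with newaliases and other tables with postmap.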
Now it no longer reports an error
[root@www ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.a.org ESMTP Postfix
helo localhost
250 www.a.org
mail from:obama@w.com
250 2.1.0 Ok
mail to:openstack
503 5.5.1 Error: nested MAIL command
rcpt to:openstack
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject:How are you these days?
Are you gua lema?
. (a separate line containing just a dot marks the end of the message body)
250 2.0.0 Ok: queued as 35EC31BB8035
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@www ~]#
[root@www ~]# su - openstack
[openstack@www ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/openstack": 1 message 1 new
>N 1 obama@w.com Thu Apr 30 14:57 14/462 "How are you these days?"
& 1
Message 1:
From obama@w.com Thu Apr 30 14:57:55 2020
X-Original-To: openstack
Delivered-To: openstack@www.a.org
Subject:How are you these days?
Date: Thu, 30 Apr 2020 14:56:30 +0800 (CST)
From: obama@w.com
Are you gua le ma?
& quit
Saved 1 message in mbox
[openstack@www ~]$
Send mail using two hosts and see
As long as the client is the local host, postfix relays for it
[root@www ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 www.a.org ESMTP Postfix
helo localhost (once typed, it cannot be deleted with the Del key; only with Ctrl?)
250 www.a.org
mail from:a@yahoo.com
250 2.1.0 Ok
rcpt to:jerry@qq.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello
.
250 2.0.0 Ok: queued as DD3901BB8035
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@www ~]#
[root@www ~]# tail /var/log/maillog
Apr 30 15:43:00 www postfix/cleanup[15864]: DD3901BB8035: message-id=<20200430074228.DD3901BB8035@www.a.org>
Apr 30 15:43:00 www postfix/qmgr[15540]: DD3901BB8035: from=<a@yahoo.com>, size=302, nrcpt=1 (queue active)
Apr 30 15:43:01 www postfix/smtp[15869]: DD3901BB8035: to=<jerry@qq.com>, relay=mx3.qq.com[58.251.110.111]:25, delay=105, delays=105/0.04/0.16/0.49, dsn=5.0.0, status=bounced (host mx3.qq.com[58.251.110.111] said: 550 Domain may not exist or DNS check failed [MAwnWwuI3IkD8Zs4YArX/JlPi37uRXKd62H0ZxHoL+qTCg37saqOVK376xcPlvMxSQ== IP: 114.217.193.5]. (in reply to end of DATA command))
Apr 30 15:43:01 www postfix/cleanup[15864]: 28B821BB803A: message-id=<20200430074301.28B821BB803A@www.a.org>
Apr 30 15:43:01 www postfix/bounce[15870]: DD3901BB8035: sender non-delivery notification: 28B821BB803A
Apr 30 15:43:01 www postfix/qmgr[15540]: 28B821BB803A: from=<>, size=2320, nrcpt=1 (queue active)
Apr 30 15:43:01 www postfix/qmgr[15540]: DD3901BB8035: removed
Apr 30 15:43:05 www postfix/smtp[15869]: 28B821BB803A: to=<a@yahoo.com>, relay=mta6.am0.yahoodns.net[67.195.228.111]:25, delay=4, delays=0.02/0/1.3/2.8, dsn=2.0.0, status=sent (250 ok queued)
Apr 30 15:43:05 www postfix/qmgr[15540]: 28B821BB803A: removed
Apr 30 15:44:21 www postfix/smtpd[15853]: disconnect from localhost.localdomain[127.0.0.1]
[root@www ~]#
The screenshot below is Ma Ge's, taken on Windows (I will still test on Linux)
First turn off the firewalls on 192.168.1.45 and 192.168.1.85
On the other computer, 192.168.1.85
[root@www ~]# telnet 192.168.1.45 25
Trying 192.168.1.45...
Connected to www.b.net (192.168.1.45).
Escape character is '^]'.
220 www.a.org ESMTP Postfix
helo localhost (why is it the local host here?)
250 www.a.org
mail from: a@a.org
250 2.1.0 Ok
rcpt to: c@c.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hello
.
250 2.0.0 Ok: queued as 326741BB8035
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@www ~]#
On 192.168.1.45
[root@www ~]# tail /var/log/maillog
Apr 30 16:56:27 www postfix/cleanup[16307]: 326741BB8035: message-id=<>
Apr 30 16:56:27 www postfix/qmgr[15540]: 326741BB8035: from=<a@a.org>, size=166, nrcpt=1 (queue active)
Apr 30 16:56:29 www postfix/smtpd[16295]: disconnect from unknown[192.168.1.85]
Apr 30 16:56:58 www postfix/smtp[16309]: connect to c.org[104.18.148.74]:25: Connection timed out
Apr 30 16:57:28 www postfix/smtp[16309]: connect to c.org[104.18.149.74]:25: Connection timed out
Apr 30 16:57:28 www postfix/smtp[16309]: 326741BB8035: to=<c@c.org>, relay=none, delay=96, delays=35/0/61/0, dsn=4.4.1, status=deferred (connect to c.org[104.18.149.74]:25: Connection timed out)
Apr 30 17:02:30 www postfix/qmgr[15540]: 326741BB8035: from=<a@a.org>, size=166, nrcpt=1 (queue active)
Apr 30 17:03:00 www postfix/smtp[16348]: connect to c.org[104.18.149.74]:25: Connection timed out
Apr 30 17:03:30 www postfix/smtp[16348]: connect to c.org[104.18.148.74]:25: Connection timed out
Apr 30 17:03:30 www postfix/smtp[16348]: 326741BB8035: to=<c@c.org>, relay=none, delay=458, delays=398/0.01/60/0, dsn=4.4.1, status=deferred (connect to c.org[104.18.148.74]:25: Connection timed out)
[root@www ~]#
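I did not understand this at all. Ma Ge says that, going by the above, 192.168.1.45 is relaying, and by default it also sends mail to outside hosts
By default postfix treats the whole network segment the local host is on as local clients, and all local clients may relay by default
By default postfix identifies the network segment containing the local host's IP address as the local network and relays mail for it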
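To see from the log which network clients postfix has actually relayed for, the following added example (not part of the original post) correlates the smtpd "client=" line with the outbound smtp delivery line for the same queue ID. The sample log is constructed in the format of the maillog excerpts above; the "client=" lines and the third message are assumptions added for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): list messages that Postfix
# accepted from a non-loopback client and then sent on to another host,
# i.e. mail it relayed on behalf of a network client.

# relayed_for_remote_clients [MAILLOG...]: reads maillog lines (files or
# stdin) and prints "QUEUE_ID CLIENT_IP RECIPIENT STATUS", once per result.
relayed_for_remote_clients() {
    awk '
        # smtpd logs "QUEUEID: client=name[ip]" when it accepts a message.
        $5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/ {
            qid = $6; sub(/:$/, "", qid)
            ip = $7; sub(/^.*\[/, "", ip); sub(/\].*$/, "", ip)
            client[qid] = ip
            next
        }
        # smtp, the outbound delivery agent, logs the result per recipient.
        $5 ~ /^postfix\/smtp\[/ && $7 ~ /^to=</ {
            qid = $6; sub(/:$/, "", qid)
            if (!(qid in client)) next      # client line not in this log
            if (client[qid] == "127.0.0.1" || client[qid] == "::1") next
            rcpt = $7; sub(/^to=</, "", rcpt); sub(/>,?$/, "", rcpt)
            status = "unknown"
            for (i = 8; i <= NF; i++)
                if ($i ~ /^status=/) { status = substr($i, 8); break }
            key = qid SUBSEP rcpt SUBSEP status
            if (!(key in seen)) {
                seen[key] = 1
                print qid, client[qid], rcpt, status
            }
        }
    ' "$@"
}

# Constructed sample: a loopback submission, a relay for 192.168.1.85 that is
# retried twice, and a message from 192.168.1.85 delivered to a local mailbox.
sample_maillog() {
    cat <<'EOF'
Apr 30 15:41:15 www postfix/smtpd[15853]: DD3901BB8035: client=localhost.localdomain[127.0.0.1]
Apr 30 15:43:01 www postfix/smtp[15869]: DD3901BB8035: to=<jerry@qq.com>, relay=mx3.qq.com[58.251.110.111]:25, delay=105, dsn=5.0.0, status=bounced (550 rejected)
Apr 30 16:55:52 www postfix/smtpd[16295]: 326741BB8035: client=unknown[192.168.1.85]
Apr 30 16:57:28 www postfix/smtp[16309]: 326741BB8035: to=<c@c.org>, relay=none, delay=96, dsn=4.4.1, status=deferred (connect to c.org[104.18.149.74]:25: Connection timed out)
Apr 30 17:03:30 www postfix/smtp[16348]: 326741BB8035: to=<c@c.org>, relay=none, delay=458, dsn=4.4.1, status=deferred (connect to c.org[104.18.148.74]:25: Connection timed out)
Apr 30 17:10:02 www postfix/smtpd[16402]: 7F2A01BB8040: client=unknown[192.168.1.85]
Apr 30 17:10:03 www postfix/local[16410]: 7F2A01BB8040: to=<openstack@www.a.org>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
EOF
}

sample_maillog | relayed_for_remote_clients
```

On a real host, pass /var/log/maillog as the argument. Client addresses that should not be allowed to relay mean the trusted network is wider than intended; in main.cf that is governed by mynetworks and mynetworks_style.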