
Linux week 11 Learning Notes (1) Advanced SMTP Service

2025-02-27 Update From: SLTechnology News&Howtos

SMTP Service Deployment: Advanced

Continuing from last week's content.

I. Remote login restrictions

Since every virtual machine can connect remotely and send mail through the service, restricting which clients may do so is an obvious security step.

How to implement the restriction:

On my client (desktop):

1. cd /etc/postfix/

In the access file, add on the last line: <IP to refuse> REJECT

For example: 172.25.254.50 REJECT

2. postmap access # compiles the file into a hashed lookup table, generating access.db

3. postconf -d | grep client # list the default settings and filter for the client-related items

4. postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access" # write the setting to the configuration file

The setting is written at the end of /etc/postfix/main.cf.

5. Restart the service:

systemctl restart postfix.service

Test:

On my host whose IP ends in .50:

Note: the restricted host can still connect through telnet, but it cannot send mail.

To restore: delete the last line of /etc/postfix/main.cf

postmap access # rebuild the lookup table, and finally restart the service
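
The lookup that check_client_access performs against the access table above can be emulated offline. The following is an added example, not part of the original notes: the function names and the sample entries are constructed for illustration, and only the IP-address keys described in access(5) are modelled (hostname keys are not).

```shell
#!/bin/sh
# Added example (not from the original notes): emulate the key sequence
# Postfix tries when check_client_access looks up a client IP in a hash:
# table: the full address, then the address with trailing octets removed.

# access_lookup FILE IP: print the action of the first key that matches,
# or DUNNO (Postfix's "no decision") when no key matches.
access_lookup() {
    file=$1
    key=$2
    while [ -n "$key" ]; do
        action=$(awk -v k="$key" '
            /^[ \t]*(#|$)/ { next }              # skip comments, blank lines
            ($1 "") == (k "") { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
        ' "$file")
        if [ -n "$action" ]; then
            printf '%s\n' "$action"
            return 0
        fi
        case $key in
            *.*) key=${key%.*} ;;                # 172.25.254.50 -> 172.25.254
            *)   key= ;;                         # last octet tried, give up
        esac
    done
    printf 'DUNNO\n'
}

# make_sample_access: write a constructed access table, print its path.
make_sample_access() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# constructed sample entries
172.25.254.50    REJECT
172.25.254       OK
192.168.1.0/24   REJECT
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_access)
for ip in 172.25.254.50 172.25.254.60 192.168.1.5; do
    printf '%-15s %s\n' "$ip" "$(access_lookup "$sample" "$ip")"
done
rm -f "$sample"
```

The 192.168.1.0/24 entry never matches because hash: tables do not interpret CIDR notation; a cidr: table is needed for network/mask patterns.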

II. Freeze user mail service

Under the /etc/postfix/ directory:

1. vim sender

Input: westos@lyitx.com REJECT

2. postmap sender

3. postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"

4. systemctl restart postfix.service

Test:

Test on another virtual machine:

[kiosk@foundation50 Desktop]$ telnet 172.25.254.166 25

Trying 172.25.254.166...

Connected to 172.25.254.166.

Escape character is '^]'.

220 maillyitx.lyitx.com ESMTP Postfix

mail from:westos@lyitx.com

250 2.1.0 Ok

rcpy to:root@linux.com

502 5.5.2 Error: command not recognized

rcpt to:root@linux.com

554 5.7.1: Sender address rejected: Access denied

III. Deny users from receiving mail

1. vim recip # write the full address of the user who is to be refused incoming mail

westos@lyitx.com REJECT

2. postmap recip # build the lookup table

3. postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"

4. systemctl restart postfix.service

Test:

On the .50 host:

[kiosk@foundation50 Desktop]$ telnet 172.25.254.166 25

The settings made above can be seen in the last lines of /etc/postfix/main.cf:

readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender

smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip

So as not to interfere with the follow-up experiments, restore the configuration here.

Specific method:

Delete the last two lines of the /etc/postfix/main.cf file

Then restart the service.

IV. Dovecot

On the desktop host (172.25.254.166):

1. yum install dovecot -y

2. vim /etc/dovecot/dovecot.conf

Uncomment line 24:

24 protocols = imap pop3 lmtp

49 disable_plaintext_auth = no # permit plaintext authentication on unencrypted connections

50 login_trusted_networks = 0.0.0.0/0 # allow logins from any network, including the public network

3. cd /etc/dovecot/conf.d/

vim 10-mail.conf

Add the following

On line 30: mail_location = mbox:~/mail:INBOX=/var/mail/%u

4. systemctl start dovecot

The purpose of the above steps is to open the ports.

5. su - westos # for users that already exist, the files must be created manually

6. mkdir -p /home/westos/mail/.imap

7. touch /home/westos/mail/.imap/INBOX

8. su - root

Here's a way to do it once and for all:

As the superuser:

cd /etc/skel/

mkdir -p mail/.imap/INBOX

(With this in place, the system creates the directory automatically whenever a new user is created.)

Finally, restart the service:

systemctl restart dovecot.service

Test:

Test on other hosts:

1. yum install mutt -y

2. mutt -f imap://westos@172.25.254.166

After being prompted to enter the password, you can see the email of the westos user.

[root@foundation50 Desktop]# telnet 172.25.254.166 110

Trying 172.25.254.166...

Connected to 172.25.254.166.

Escape character is '^]'.

+OK [XCLIENT] Dovecot ready.

user westos

+OK

pass redhat

+OK Logged in.

The operation is successful

V. Use Thunderbird to receive mail

Open the Thunderbird software.

You can then receive mail in the software.

# Receiving mail for virtual users stored in a database #

1. Install the database

yum install mysql-server -y

systemctl start mariadb

vim /etc/my.cnf

The configuration file is changed to:

symbolic-links=1

systemctl restart mariadb

mysql_secure_installation # security initialization; set the root password. And then keep a space.

2. Install phpMyAdmin (to view and operate the database from a web page)

yum install httpd -y

systemctl start httpd

mv phpMyAdmin-3.4.0-all-languages.tar.bz2 /var/www/html/

cd /var/www/html/

tar -jxf phpMyAdmin-3.4.0-all-languages.tar.bz2 # extract the archive

mv phpMyAdmin-3.4.0-all-languages myadmin # rename it to something simpler

systemctl stop firewalld.service # turn off the firewall

yum install php -y # install PHP; the pages cannot be displayed without a PHP environment

systemctl restart httpd.service # httpd must be restarted after the installation

cd myadmin/

cp -p config.sample.inc.php config.inc.php # copy the template file into a real configuration file

vim config.inc.php # fill in the cookie secret in the file

$cfg['blowfish_secret'] = 'westos'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

yum install php-mysql.x86_64 -y # connects PHP to the database

systemctl restart httpd.service

Enter in the browser: <IP address of the server where the database is installed>/myadmin

After creating a database called email, create a table called muser with the number of fields set to 4.

The detailed settings are as follows:

Then create a new user in the local database:

MariaDB [(none)]> select * from email.muser;
+-----------------+----------+-----------+------------------+
| username        | password | domain    | maildir          |
+-----------------+----------+-----------+------------------+
| admin@lyitx.org | 123      | lyitx.org | lyitx.org/admin/ |
+-----------------+----------+-----------+------------------+
1 row in set (0.00 sec)

Create user: CREATE USER postfix@localhost identified by 'postfix';

Then authorize it (in the figure)

GRANT INSERT,UPDATE,SELECT on email.* to postfix@localhost;

And then quit.

3. Prepare the lookup files:

Then, on the host where the database is installed:

cd /etc/postfix/

vim mysql-users.cf

Write the following manually:

hosts = localhost

user = postfix

password = postfix

dbname = email

table = muser

select_field = username

where_field = username

Save and exit.

vim mysql-domain.cf

Write:

hosts = localhost

user = postfix

password = postfix

dbname = email

table = muser

select_field = domain

where_field = domain

vim mysql-maildir.cf

hosts = localhost

user = postfix

password = postfix

dbname = email

table = muser

select_field = maildir

where_field = username

Then encrypt the three files.

Correction: the content shown in the figure should be

lyitx.org/admin/

4. Create the vmail user and group

groupadd -g 666 vmail

useradd -g 666 -u 666 -s /sbin/nologin vmail

Details: none of the parameters can be omitted. If an error occurs, delete the user and create it again:

userdel -r vmail

5. Write to the configuration file

You can see the written content at the end of the configuration file /etc/postfix/main.cf:

virtual_gid_maps = static:666

virtual_uid_maps = static:666

virtual_mailbox_base = /home/vmail

virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf

virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf

virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf

6. Restart the postfix service

systemctl restart postfix.service

Test: send an email to the admin@lyitx.org user on the current host.

If the email appears in the /home/vmail/lyitx.org/admin/new directory, the operation is successful!

[root@maillyitx new]# pwd

/home/vmail/lyitx.org/admin/new

[root@maillyitx new]# ls

1481167802.Vfd01I280a514M732414.maillyitx.lyitx.com

1481167902.Vfd01I280a515M599277.maillyitx.lyitx.com

1481167977.Vfd01I280a516M115286.maillyitx.lyitx.com

1481185764.Vfd01I280a51eM96871.maillyitx.lyitx.com

[root@maillyitx new]#

Dovecot & database

cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/

cd /etc/dovecot

vim dovecot-sql.conf.ext

32 driver = mysql

71 connect = host=localhost dbname=email user=postfix password=postfix

78 default_pass_scheme = PLAIN

107 password_query = \

108 SELECT username, domain, password \

109 FROM muser WHERE username = '%u' AND domain = '%d'

125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM muser WHERE username = '%u'

vim /etc/dovecot/conf.d/10-mail.conf

30 mail_location = maildir:/home/vmail/%d/%n

168 first_valid_uid = 666

175 first_valid_gid = 666

Finally, restart the service:

systemctl restart dovecot

On other hosts, connecting with telnet indicates that the experiment succeeded.
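
The Dovecot steps in section IV and in this section enable plaintext authentication, trust every network and store passwords unhashed. The following added example, which is not part of the original notes, reports which of those settings are active in a config file; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag the lab-only Dovecot
# settings from this page if they are still active in a config file.

# effective_value FILE KEY: value of the last uncommented "KEY = value"
# line; a later assignment overrides an earlier one.
effective_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }                       # commented-out defaults
        (eq = index($0, "=")) == 0 { next }       # not an assignment
        {
            name = substr($0, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", name)
            val  = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) found = val
        }
        END { print found }
    ' "$1"
}

# audit_dovecot FILE: print one finding per weak setting that is in effect.
audit_dovecot() {
    if [ "$(effective_value "$1" disable_plaintext_auth)" = "no" ]; then
        echo "disable_plaintext_auth=no: passwords accepted without TLS"
    fi
    case " $(effective_value "$1" login_trusted_networks) " in
        *" 0.0.0.0/0 "*) echo "login_trusted_networks=0.0.0.0/0: every client is trusted" ;;
    esac
    if [ "$(effective_value "$1" default_pass_scheme)" = "PLAIN" ]; then
        echo "default_pass_scheme=PLAIN: passwords stored unhashed"
    fi
}

# make_sample_conf: write a constructed config, print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
#disable_plaintext_auth = yes
disable_plaintext_auth = no
login_trusted_networks = 0.0.0.0/0
default_pass_scheme = SHA512-CRYPT
EOF
    printf '%s\n' "$f"
}

conf=$(make_sample_conf)
audit_dovecot "$conf"
rm -f "$conf"
```

Run audit_dovecot against both /etc/dovecot/dovecot.conf and /etc/dovecot/dovecot-sql.conf.ext, since default_pass_scheme lives in the latter.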
