
How to set up dovecot+mysql shell mail iptables

2025-01-16 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com) 06/01

This article shows how to set up dovecot with MySQL authentication, a shell mail host, and iptables. Okay, no more nonsense, let's go straight to the steps.

groupadd -g 666 vmail

useradd -s /sbin/nologin -u 666 vmail -g 666

#############dovecot+mysql##################

1

yum install dovecot-mysql.x86_64 -y

#dovecot-mysql is the dovecot plug-in that lets dovecot talk to mysql

2

vim /etc/dovecot/dovecot.conf

24 protocols = imap pop3 lmtp #supported mail retrieval protocols

48 login_trusted_networks = 0.0.0.0/0 #trusted networks; 0.0.0.0/0 trusts every client, and disable_plaintext_auth is ignored for trusted networks

49 disable_plaintext_auth = no #Allow plaintext authentication on unencrypted connections

vim /etc/dovecot/conf.d/10-auth.conf

123 !include auth-sql.conf.ext #Enable mysql authentication

#Create the configuration dovecot uses to read mysql

cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext

vim /etc/dovecot/dovecot-sql.conf.ext

32 driver = mysql #database type

71 connect = host=localhost dbname=email user=postuser password=postuser #Connection information used for queries

78 default_pass_scheme = PLAIN #Passwords in the table are stored as plaintext

##Password query: look up user, domain name and password in the emailuser table

107 password_query = \

108 SELECT username, domain, password \

109 FROM emailuser WHERE username = '%u' AND domain = '%d'

125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM emailuser WHERE username = '%u'

##User query: look up the user's maildir and the uid/gid used to access it

vim /etc/dovecot/conf.d/10-mail.conf

30 mail_location = maildir:/home/vmail/%d/%n #Specify mail location

168 first_valid_uid = 666 #Lowest uid allowed to access mail files (the vmail user)

175 first_valid_gid = 666

systemctl restart dovecot

systemctl status httpd.service

systemctl status mariadb.service

systemctl status firewalld

test

yum install telnet -y

[root@westos-mail ~]# telnet 172.25.254.117 110

Trying 172.25.254.117...

Connected to 172.25.254.117.

Escape character is '^]'.

+OK [XCLIENT] Dovecot ready.

user jia@jia.com #A username that exists in the table

+OK

pass jia #The password stored in the table (can be created on the web)

+OK Logged in.

quit

+OK Logging out.

Connection closed by foreign host.
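The login above sends the password in cleartext, and three of the settings in this walkthrough make that possible. The following check is an added example, not part of the original article: it reads dovecot settings on stdin and reports those three values. The function names and both sample inputs are constructed for illustration, and the hardened values are one reasonable choice, not the only one.

```shell
#!/bin/sh
# Added example: flag the weak dovecot settings used in this walkthrough.
# Input: "key = value" lines on stdin (config files or `doveconf -n` output).
audit_dovecot() {
  awk '
    /^[ \t]*#/ || index($0, "=") == 0 { next }    # comments, non-settings
    {
      eq  = index($0, "=")
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      sub(/[ \t]+#.*$/, "", val)                   # trailing comment
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[key] = val
    }
    END {
      if (conf["disable_plaintext_auth"] == "no")
        print "disable_plaintext_auth=no: passwords accepted without TLS"
      if (conf["login_trusted_networks"] ~ /(^|[ \t])0\.0\.0\.0\/0([ \t]|$)/)
        print "login_trusted_networks=0.0.0.0/0: every client is trusted"
      if (toupper(conf["default_pass_scheme"]) == "PLAIN")
        print "default_pass_scheme=PLAIN: cleartext passwords in the database"
    }'
}

# Constructed sample: the values set in this article.
page_settings() {
  cat <<'EOF'
protocols = imap pop3 lmtp #support receiving protocols
login_trusted_networks = 0.0.0.0/0
disable_plaintext_auth = no
default_pass_scheme = PLAIN
EOF
}

# Constructed sample: a hardened variant (assumed values, not from the article).
hardened_settings() {
  cat <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = yes
ssl = required
default_pass_scheme = SHA512-CRYPT
EOF
}

page_settings | audit_dovecot
```

On a live host the same function can be fed with `doveconf -n | audit_dovecot`.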

#############shell mail##################

Reset host 217

Configure eth0 and yum

hostnamectl set-hostname nullmail.example.com

1

vim /etc/postfix/main.cf

75 myhostname = nullmail.example.com

83 mydomain = example.com

99 myorigin = westos.com #Set as real host domain name

113 inet_interfaces = all

164 mydestination = ##The shell mail host does not accept mail, so leave this empty

316 relayhost = 172.25.254.117 ##IP of the real mail host that mail is relayed to

systemctl restart postfix.service

test

217

[root@nullmail ~]# mail root

Subject: 345

2

.

EOT

[root@nullmail ~]# mailq

Mail queue is empty

117

[root@westos-mail ~]# mail

Heirloom Mail version 12.5 7/5/10. Type ? for help.

"/var/spool/mail/root": 3 messages 2 unread

>U 1 Mail Delivery System Wed May 31 04:15 73/2309 "Undelivered Mail Retu"

2 root Wed May 31 10:07 22/752 "fdsf"

U 3 root Wed May 31 10:09 22/750 "345"

& 3

Message 3:

From root@westos.com Wed May 31 10:09:02 2017

Return-Path:

X-Original-To: root@westos.com

Delivered-To: root@westos.com

Date: Wed, 31 May 2017 10:09:03 -0400

To: root@westos.com

Subject: 345

User-Agent: Heirloom mailx 12.5 7/5/10

Content-Type: text/plain; charset=us-ascii

From: root@westos.com (root)

Status: RO

##################iptables###################

iptables is a firewall application that works in user space

Three tables and five chains

Tables: filter, mangle, nat

Chains: INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING

Reset hosts 117 and 217

systemctl stop firewalld

systemctl disable firewalld

117 Dual NIC

217

IPADDR=172.25.0.217

PREFIX=24

GATEWAY=172.25.0.117

iptables

-t ##Specify table name

-n ##Do not resolve addresses and ports (numeric output)

-L ##List the policies in the specified table

-A ##Append a policy

-p ##Network protocol

--dport ##Destination port

-s ##Source address

-j ##Action

ACCEPT ##Allow

REJECT ##Reject

DROP ##Drop

-N ##Add a chain

-E ##Modify chain name

-X ##Delete chain

-D ##Delete specified policy

-I ##insert

-R ##Modify policy

-P ##Modify default policy

iptables -t filter -nL #View policies in the filter table

Chain INPUT (policy ACCEPT)

target prot opt source destination

Chain FORWARD (policy ACCEPT)

target prot opt source destination

Chain OUTPUT (policy ACCEPT)

target prot opt source destination

iptables -F #Flush all policies in the filter table; the default table is filter when no table name is given with -t

service iptables save #Save the current policy

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

iptables -A INPUT -i lo -j ACCEPT #Allow lo

iptables -A INPUT -p tcp --dport 22 -j ACCEPT #Allow access to port 22

iptables -A INPUT -s 172.25.254.250 -j ACCEPT #Allow host 250 to access

iptables -A INPUT -j REJECT #Reject data from all other hosts

iptables -N redhat #add chain redhat

iptables -E redhat westos #change chain name

iptables -X westos #delete westos chain

iptables -D INPUT 2 #Delete the second policy in the INPUT chain

iptables: Index of deletion too big.

iptables -I INPUT -p tcp --dport 80 -j REJECT #Insert policy into the first entry in INPUT

iptables -R INPUT 1 -p tcp --dport 80 -j ACCEPT #Modify the first policy

iptables -P INPUT DROP #Change the default policy of the INPUT chain to DROP

iptables -P INPUT ACCEPT #Change the default policy of the INPUT chain to ACCEPT

How to improve access speed and relieve access pressure

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT ##Accept packets of connections that are already established; they match this first rule and skip the rest

iptables -A INPUT -i lo -m state --state NEW -j ACCEPT ##Allow NEW connections on the loopback interface

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ##Allow NEW connections to port 22

iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ##Allow NEW connections to port 80

iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ##Allow NEW connections to port 443

iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT ##Allow NEW connections to port 53

iptables -A INPUT -j REJECT ##Reject everything else
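Rule order decides what such a list does: a rule appended with -A after the final REJECT is never reached, and a list that accepts only state NEW needs an ESTABLISHED accept ahead of the REJECT. The following check for both mistakes is an added example, not part of the original article; it reads `iptables -S INPUT` output, and the function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rule-order problems in `iptables -S INPUT` output.
# Rule numbers match `iptables -nL INPUT --line-numbers`.
lint_input_chain() {
  awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
      n++
      if (catchall) {                    # the catch-all already ended the chain
        print "rule " n ": unreachable, follows catch-all rule " catchall
        next
      }
      # Simplification: any ACCEPT that matches ESTABLISHED counts.
      if ($0 ~ /-j ACCEPT/ && $0 ~ /ESTABLISHED/) est = 1
      if ($0 ~ /-j ACCEPT/ && $0 ~ /--(ct)?state NEW( |$)/) newonly = 1
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
        catchall = n
        if (newonly && !est)
          print "rule " n ": blocks established traffic, no ESTABLISHED accept before it"
      }
    }
    END {
      if (!catchall && policy == "DROP" && newonly && !est)
        print "policy DROP: blocks established traffic, no ESTABLISHED accept rule"
    }'
}

# Constructed sample: NEW-only accepts, plus a rule appended after the REJECT.
ruleset_new_only() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
EOF
}

# Constructed sample: ESTABLISHED first, REJECT last.
ruleset_stateful() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}

ruleset_new_only | lint_input_chain
```

On a live host the input comes from `iptables -S INPUT | lint_input_chain`.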

sysctl -a |grep forward ##View forward status

net.ipv4.ip_forward = 0

vim /etc/sysctl.conf ##Enable kernel routing

net.ipv4.ip_forward = 1

sysctl -p ##Apply the setting

iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-dest 172.25.0.117 ###Inbound: rewrite the destination address

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.117 ###Outbound: rewrite the source address (SNAT is only valid in POSTROUTING, and -o cannot be used in PREROUTING)

##eth0 is the network card on segment 0
