2025-03-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
1. E-mail system
1-1. The e-mail system transfers mail using mail protocols. The common mail protocols are as follows.
Simple Mail Transfer Protocol (SMTP): used to send and relay e-mail; uses port 25/TCP on the server.
Post Office Protocol version 3 (POP3): used to store e-mail on the local host; uses port 110/TCP on the server.
Internet Message Access Protocol version 4 (IMAP4): used to access mail on the local host; uses port 143/TCP on the server.
In the e-mail system, the server that sends and receives mail for users is called the mail user agent (Mail User Agent, MUA). In addition, since the e-mail system allows users to receive data offline, there must be a "mailbox" server that stores user mail. This server is called the mail delivery agent (Mail Delivery Agent, MDA), and its job is to save messages from the mail transfer agent (Mail Transfer Agent, MTA) to the local inbox.
The MTA's job is to forward and process messages between different e-mail service providers, forwarding messages from the MUA to the appropriate MTA server.
1-2. There are 4 considerations when deploying an enterprise-class e-mail system in a production environment.
Add anti-spam and anti-virus modules: these effectively keep spam and virus-laden mail from interfering with corporate mailboxes.
Encrypt e-mail: this effectively protects message content from being stolen or tampered with.
Add mail monitoring and auditing modules: these effectively monitor all employees' e-mail for sensitive words, disclosure of enterprise information and other violations.
Ensure stability: the stability of the e-mail system is very important. Operators should ensure that the e-mail system runs stably and be prepared to defend against distributed denial-of-service (Distributed Denial of Service, DDoS) attacks in time.
2. Deploy the basic email system
A basic e-mail system must provide both a sending service and a receiving service. For this, the Postfix service program, based on the SMTP protocol, provides mail delivery, and the Dovecot service program, based on the POP3 protocol, provides mail retrieval.
2-1. Configure the server host name. The server host name must match the sending domain name.
vim /etc/hostname    # edit the hostname configuration file
mail.rehl.com
hostname    # view the hostname
mail.rehl.com
2-2. Clear the default policy of the iptables firewall and save the policy state, so that the firewall's default rules do not block clients from resolving DNS names or from sending and receiving e-mail:
iptables -F    # clear the default firewall policy
service iptables save    # save the policy state
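As an alternative to flushing every rule in step 2-2, the firewall can admit only the ports this article names (25, 110, 143 and 53). This is an added example, not part of the original article; the SSH rule on port 22 and the choice to limit POP3, IMAP and DNS to the LAN are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the mail host.
# Assumptions: admin access over SSH (22/TCP) and a single trusted LAN.

# is_cidr STRING -> returns 0 if STRING is a.b.c.d/nn with sane ranges
is_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          if ($5 !~ /^[0-9]+$/ || $5 > 32) exit 1 }'
}

# mail_fw_rules LAN_CIDR -> prints the ruleset; returns 1 on a bad CIDR
mail_fw_rules() {
    lan=$1
    is_cidr "$lan" || { echo "bad LAN CIDR: $lan" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH for administration, LAN only (assumption)
-A INPUT -s $lan -p tcp --dport 22 -j ACCEPT
# SMTP must be reachable by other mail servers
-A INPUT -p tcp --dport 25 -j ACCEPT
# POP3 and IMAP for LAN clients only
-A INPUT -s $lan -p tcp -m multiport --dports 110,143 -j ACCEPT
# DNS for LAN clients only
-A INPUT -s $lan -p udp --dport 53 -j ACCEPT
-A INPUT -s $lan -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# The article's network segment
mail_fw_rules 192.168.13.0/24
```

Save the output to a file and check it with `iptables-restore --test` before loading it.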
2-3. Provide domain name resolution for the e-mail system. Modify the main configuration file, the zone configuration file and the domain name data file.
vim /etc/named.conf    # main configuration file: allow all network segments and hosts
11 listen-on port 53 { any; };    # line 11: modified
17 allow-query { any; };    # line 17: modified
vim /etc/named.rfc1912.zones    # zone configuration file: add the local domain name, then generate the domain name data file
zone "rehl.com" IN {
    type master;
    file "rehl.com.zone";
    allow-update { none; };
};
cp named.localhost rehl.com.zone    # copy the file and name it rehl.com.zone
vim /var/named/rehl.com.zone    # edit the domain name data file. Note the "." after com in the configuration file.
$TTL 1D
@       IN SOA  rehl.com. root.rehl.com. (
                0       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; minimum
        NS      ns.rehl.com.
ns      IN A    192.168.13.128
@       IN MX 10 mail.rehl.com.
mail    IN A    192.168.13.128
Restart the bind service program so that the configuration file takes effect.
3. Configure the Postfix service program
Postfix is a free and open source email service program funded by IBM, which is well compatible with Sendmail service programs and makes it convenient for Sendmail users to migrate to Postfix services.
The mail sending and receiving ability of Postfix service program is stronger than that of Sendmail service, and it can automatically increase or decrease the number of processes to ensure the high performance and stability of the e-mail system.
In addition, the Postfix service program consists of many small modules, each of which can perform specific functions, so they can be flexibly matched according to needs in the production work environment.
3-1. Install the Postfix service program. The system installs Postfix by default; the firewall needs to be disabled.
yum -y install postfix
systemctl disable iptables
3-2. Configure the Postfix service program by modifying the main configuration file (/etc/postfix/main.cf). The 7 main parameters are as follows.
myhostname: hostname of the mail system
mydomain: domain name of the mail system
myorigin: domain name that mail sent from this host appears to come from
inet_interfaces: network interfaces to listen on
mydestination: hostnames or domain names for which mail is accepted
mynetworks: which hosts may relay mail
relay_domains: which domains mail may be relayed for
vim /etc/postfix/main.cf
76 myhostname = mail.rehl.com    # line 76: set the hostname of the mail server
83 mydomain = rehl.com    # line 83: define the mail domain variable
99 myorigin = $mydomain    # line 99: reuse the mydomain variable to define the domain mail is sent from
116 inet_interfaces = all    # line 116: define the listening address; all means listen on all addresses
164 mydestination = $myhostname, $mydomain    # line 164: define the list of hostnames or domain names mail is accepted for, reusing the variables defined above
3-3. Create a login account for the e-mail system. Postfix, like the vsftpd service program, can use local accounts and passwords, so create a regular local account, restart the Postfix service program, and enable it at boot.
useradd boss    # create a user named boss
echo "redhat" | passwd --stdin boss    # set the password; this form can be used to set passwords for multiple accounts at once
systemctl restart postfix
systemctl enable postfix
4. Configure the Dovecot service program
Dovecot is an open source service program that provides IMAP and POP3 e-mail services for Linux systems. It has high security, simple configuration and fast execution speed, and uses few server hardware resources, so it is a recommended mail retrieval service program.
4-1. Install the Dovecot service package.
yum -y install dovecot
4-2. Configure the Dovecot service program: set the e-mail protocols it supports to imap, pop3 and lmtp. Then add a parameter on the line below to allow users to authenticate with clear-text passwords.
The reason is that Dovecot by default forces users to log in over an encrypted connection in order to protect the e-mail system, and since no encryption is set up at this point, this parameter is needed to allow users to log in in clear text.
vim /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp    # line 24: add the common mail protocols
25 disable_plaintext_auth = no    # line 25: allow plaintext password authentication
48 login_trusted_networks = 192.168.13.0/24    # line 48: add the network segment allowed to log in
4-3. Configure the mail format and storage path. To use the default mail save path, delete the leading "#" on this line.
vim /etc/dovecot/conf.d/10-mail.conf
24 mail_location = mbox:~/mail:INBOX=/var/mail/%u
Switch to the boss account and create the directory for saving messages in its home directory, then restart the service and enable it at boot.
su - boss
mkdir -p mail/.imap/INBOX
exit    # leave this account
systemctl restart dovecot
systemctl enable dovecot
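The settings from step 4-2 are worth checking for again once the server moves beyond a lab. The following added example (not part of the original article) flags them in a flat Dovecot settings file; the finding labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the cleartext-login settings from step 4-2.
# Finding labels are made up for this example.

# get_setting FILE KEY -> value of the last top-level "KEY = value" line
# (commented-out and indented lines are ignored)
get_setting() {
    awk -v key="$2" '
        /^[a-z_]+[ \t]*=/ {
            k = $0; sub(/[ \t]*=.*/, "", k)
            if (k == key) {
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                sub(/[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# audit_dovecot FILE -> prints space-separated findings (empty if none)
audit_dovecot() {
    plain=$(get_setting "$1" disable_plaintext_auth)
    ssl=$(get_setting "$1" ssl)
    trusted=$(get_setting "$1" login_trusted_networks)
    findings=""
    # Passwords may cross the network unencrypted.
    if [ "$plain" = "no" ]; then findings="$findings PLAINTEXT_AUTH_ALLOWED"; fi
    # Any value other than "required" lets a client skip TLS.
    if [ "$ssl" != "required" ]; then findings="$findings TLS_NOT_REQUIRED"; fi
    # Dovecot treats these networks as secure, so plaintext logins from
    # them are accepted even with disable_plaintext_auth = yes.
    if [ -n "$trusted" ]; then findings="$findings TRUSTED_NETWORK=$trusted"; fi
    echo "${findings# }"
}

# Constructed sample: the settings used in this article.
article_conf() { cat <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = no
login_trusted_networks = 192.168.13.0/24
EOF
}

# Constructed sample: TLS enforced, no trusted-network exemption.
hardened_conf() { cat <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = yes
ssl = required
#login_trusted_networks =
EOF
}
```

On a live server, save the output of `doveconf -a` to a file and pass that file to `audit_dovecot`.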
5. Test the e-mail system.
5-1. Change the client's IP address so that it is on the same network segment as the mail server, and set its DNS server to the IP of the mail server.
5-2. Run the Outlook program on Windows (7 or 10) and click Next -> configure e-mail account -> Next -> select the protocol type of the e-mail service -> Next (the defaults can be used for the first 3 steps).
5-3. Fill in the e-mail account information. Since no SSL encryption service is available yet, a parameter was written in the main configuration file of the Dovecot service program so that clients can log in to the e-mail service in clear text.
By default, Outlook tries to log in to the e-mail service over SSL, and after about 30 to 60 seconds it reports a login failure.
At this point, just click the "Next" button again to let Outlook verify the login without encryption. The successful creation is shown below. If creating the mailbox user does not succeed, it is recommended that you reinstall the mail server.
5-4. Send a test message to the mail server; the sent mail folder shows that it has been sent successfully.
On the mail server, check whether the mail has been received.
Run the mail command to check the received e-mail. As shown in the figure below, an e-mail with the subject "Test email" has been received. The test is successful.
6. Set up the user alias mailbox
The user alias function is a simple and practical technique for disguising mail accounts. It can be used to set up multiple virtual mailbox accounts that accept incoming e-mail, so that your own e-mail address is not disclosed.
It can also be used to receive mail from multiple mailboxes. Send an e-mail to the bin account, as shown below.
6-1. Trying to switch to the bin user reports that the account is not available. That does not matter: the message can still be received with the mail command. This is achieved by the user alias mechanism.
cat /etc/aliases    # shows "bin: root"; the file defines a large number of user aliases, most of which are system accounts local to the Linux system
The root account after the colon (:) separator receives the mail sent to these accounts. A user alias can be a local user on the Linux system or a completely fictional user name.
6-2. We can define aliases ourselves and then send an e-mail to test them.
vim /etc/aliases
15 wyw: root    # line 15: add a custom alias
Save and exit, then run newaliases to update the alias database so that the change takes effect.
6-3. Send an e-mail to wyw@rehl.com.
Running mail shows one more e-mail, with the subject "Custom Alias". Enter the number in front of a message to view its content.
The test was successful.