
Postfix+mariadb shell mail iptables


Shulou(Shulou.com)06/01 Report--

# postfix+mariadb#

1. Preparatory work

[root@westos-mail ~]# yum install -y mariadb php php-mysql httpd dovecot dovecot-mysql

Install the relevant software

2. Configuration file

[root@westos-mail ~]# vim /etc/dovecot/dovecot.conf

24 protocols = imap pop3 lmtp

48 login_trusted_networks = 0.0.0.0/0

49 disable_plaintext_auth = no ## allows cleartext logins over non-TLS connections, as the telnet test below shows

[root@westos-mail ~]# vim /etc/dovecot/conf.d/10-auth.conf

123 !include auth-sql.conf.ext

[root@westos-mail ~]# cd /etc/dovecot/conf.d

[root@westos-mail conf.d] # ls

10-auth.conf 20-imap.conf auth-dict.conf.ext

10-director.conf 20-lmtp.conf auth-ldap.conf.ext

10-logging.conf 20-pop3.conf auth-master.conf.ext

10-mail.conf 90-acl.conf auth-passwdfile.conf.ext

10-master.conf 90-plugin.conf auth-sql.conf.ext

10-ssl.conf 90-quota.conf auth-static.conf.ext

15-lda.conf auth-checkpassword.conf.ext auth-system.conf.ext

15-mailboxes.conf auth-deny.conf.ext auth-vpopmail.conf.ext

[root@westos-mail conf.d]# cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext

[root@westos-mail conf.d]# vim /etc/dovecot/dovecot-sql.conf.ext

32 driver = mysql

71 connect = host=localhost dbname=email user=postuser password=postuser ## the database password is stored here in cleartext; keep this file readable only by root and dovecot

78 default_pass_scheme = PLAIN ## mailbox passwords are compared as plain text, so the emailuser table holds them unhashed

107 password_query = \
108 SELECT username, domain, password \
109 FROM emailuser WHERE username = '%u' AND domain = '%d'

125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM emailuser WHERE username = '%u'

[root@westos-mail conf.d] # vim 10-mail.conf

30 mail_location = maildir:/home/vmail/%d/%n

168 first_valid_uid = 666

175 first_valid_gid = 666

[root@westos-mail conf.d]# yum install -y telnet

[root@westos-mail conf.d] # systemctl restart dovecot

test

[root@westos-mail conf.d] # telnet 172.25.254.101 110

Trying 172.25.254.101...

Connected to 172.25.254.101.

Escape character is '^]'.

+OK [XCLIENT] Dovecot ready.

user lee@lee.com

+OK

pass lee

+OK Logged in.

quit

+OK Logging out.

Connection closed by foreign host.

Attached picture

# Shell mail #

1. Reset the empty shell end first

2. Configuration

[root@localhost ~]# vim /etc/postfix/main.cf

75 myhostname = nullmail.example.com # # hostname

83 mydomain = example.com # # domain name

99 myorigin = westos.com # # to be the same as the domain name of the real host

113 inet_interfaces = all

164 mydestination = ## the null client does not receive mail itself, so this is left empty

316 relayhost = 172.25.254.101 # # Real Host ip

[root@nullmail ~]# systemctl restart postfix.service

test

# empty shell end

[root@nullmail ~] # mail root

Subject: qe

Qe

Qe

.

EOT

[root@nullmail ~] # mailq

Mail queue is empty

# True receiver

[root@westos-mail named] # mail

Heirloom Mail version 12.5 7/5/10. Type ? for help.

"/var/spool/mail/root": 1 message 1 new

>N 1 root Thu Jun 1 08:01 22/742 "qe"

& q

# #

# iptables#

# #

1. Preparatory work

Check the status of the firewall service, and if it is running, stop it

Open iptables

2.iptables

Iptables is a firewall application between work and users.

Three tables: filter # # without going through the kernel

mangle

Nat # # through the kernel

Five chains: INPUT OUTPUT FORWARD PREROUTING POSTROUTING

-t # # indicate the name of the table

-n ## do not resolve names (numeric output)

-L # # list the policies for the specified table

-F # # flush out all policies in the filter table

-A # # add policy

-s # # data source

-j # # Action

ACCEPT # # allow

REJECT # # reject

--dport ## destination port

-D # # delete the specified policy

-I # # insert policy

-R # # modify policy

-P # # modify the default policy

service iptables save ## save the current policy

[root@localhost ~]# iptables -A INPUT -i lo -j ACCEPT ## allow lo

[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT ## allow access to port 22

[root@localhost ~]# iptables -A INPUT -s 172.25.254.75 -j ACCEPT ## only host 75 is allowed to access

[root@localhost ~]# iptables -A INPUT -j REJECT ## reject everything else

[root@localhost ~]# iptables -nL ## view the current policy of the filter table

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 172.25.254.95 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@localhost ~]# iptables -N redhat ## add the redhat chain

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 172.25.254.95 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain redhat (0 references)
target prot opt source destination

[root@localhost ~]# iptables -E redhat westos ## rename the redhat chain to westos

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 172.25.254.95 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain westos (0 references)
target prot opt source destination

[root@localhost ~]# iptables -X westos ## delete the westos chain

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 172.25.254.95 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@localhost ~]# iptables -I INPUT -p tcp --dport 80 -j REJECT ## insert the policy as the first entry in INPUT

iptables -P INPUT DROP ## modify the default policy; run this only after the ACCEPT rules for lo and port 22 above are in place, otherwise remote access to the host is lost

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all -- 172.25.254.75 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

[root@localhost ~]# iptables -R INPUT 1 -p tcp --dport 80 -j ACCEPT ## modify the first policy

# improve matching speed and reduce the work per packet

[root@localhost ~]# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT ## packets of already-established connections match here and skip the rest of the chain

[root@localhost ~]# iptables -A INPUT -i lo -m state --state NEW -j ACCEPT ## new connections on lo match here directly

[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ## new connections to port 22 match here directly; the rest of the chain is not read

[root@localhost ~]# iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ## new connections to port 80 match here directly; the rest of the chain is not read

[root@localhost ~]# iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ## new connections to port 443 match here directly; the rest of the chain is not read

[root@localhost ~]# iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT ## new connections to port 53 match here directly; the rest of the chain is not read

[root@localhost ~]# iptables -A INPUT -j REJECT ## all other traffic is rejected

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root@localhost ~]# service iptables save ## save the current policy

# routing #

[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 172.25.254.101 ## outbound path

[root@localhost ~]# sysctl -a | grep forward

net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 0
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth2.forwarding = 0
net.ipv6.conf.eth2.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0

[root@localhost ~]# vim /etc/sysctl.conf

5 net.ipv4.ip_forward = 1

[root@localhost ~]# sysctl -p

net.ipv4.ip_forward = 1

[root@localhost ~]# iptables -t nat -A PREROUTING -i eth2 -j DNAT --to-dest 172.25.0.11 ## inbound path

[root@localhost ~]# iptables -t nat -nL ## view the current policy

Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- 0.0.0.0/0 0.0.0.0/0 to:172.25.0.11

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:172.25.254.101

test

[root@localhost ~] # ping 172.25.0.11

PING 172.25.0.11 (172.25.0.11) 56 (84) bytes of data.

64 bytes from 172.25.0.11: icmp_seq=1 ttl=64 time=0.527 ms

64 bytes from 172.25.0.11: icmp_seq=2 ttl=64 time=0.384 ms

64 bytes from 172.25.0.11: icmp_seq=3 ttl=64 time=0.448 ms
