2025-04-06 Update From: SLTechnology News&Howtos
Installing postfix 2.6.6 + dovecot + openwebmail on CentOS 6.9 x64
Test completion date: 2017.06.07
The attachment is a configuration file, which can be used directly
Authentication uses the account and password files that come with the system, so there is no need to install mysql; the method is simple.
Testing found that CentOS 6.5 / 6.9 x64 uses SHA-512 encryption.
Note: do not set up a mail server on an ADSL line with a dynamic IP; it will be treated as a spam server. It is recommended to use a VPS such as Ali Cloud or Tencent Cloud with a fixed IP address.
First, uninstall sendmail
[root@ser ~]# yum remove sendmail
# chkconfig sendmail off
Second, install postfix, dovecot, cyrus-sasl
[root@ser ~]# yum -y install epel-release
[root@ser ~]# yum -y install postfix perl
[root@ser ~]# yum -y install dovecot dovecot-devel dovecot-mysql pam-devel
[root@ser ~]# yum -y install cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5 cyrus-sasl-lib
View the postfix version
[root@host]# rpm -qa | grep postfix
postfix-2.6.6-8.el6.x86_64
Postfix configuration file
[root@ser ~]# vi /etc/postfix/main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.dongying.com
mydomain = dongying.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain,$mydomain,dongying.com
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, 120.25.162.161/32, 192.168.88.0/24
smtpd_banner = "Version not Available"
relay_domains = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,mail.$mydomain
disable_vrfy_command = yes
broken_sasl_auth_clients = yes
smtpd_helo_required = yes
strict_rfc821_envelopes = yes
smtpd_reject_unlisted_sender = no
smtpd_data_restrictions = reject_unauth_pipelining
header_checks = pcre:/etc/postfix/header_checks
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 10
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_delay_reject = yes
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sender_restrictions = permit_mynetworks,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unauthenticated_sender_login_mismatch,
    reject_rhsbl_sender dbl.spamhaus.org,
    reject_rhsbl_client dbl.spamhaus.org,
    permit
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_invalid_hostname, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_non_fqdn_hostname,
    reject_unknown_sender_domain,
    reject_unauth_pipelining, reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    reject_rbl_client cblless.anti-spam.org.cn,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client dyna.spamrats.com,
    reject_rbl_client auth.spamrats.com,
    reject_rbl_client cbl.abuseat.org,
    check_policy_service unix:private/policy-spf,permit
message_size_limit = 41943040
mailbox_size_limit = 500000000
The main.cf parameters are described as follows:
First, the following four lines hold your company's domain name and IP information; change them to match your actual addresses.
myhostname = mail.dongying.com
mydomain = dongying.com
mydestination = $myhostname, localhost.$mydomain,$mydomain,dongying.com
mynetworks = 127.0.0.0/8, 120.25.162.161/32, 192.168.88.0/24
Second, the following six lines are anti-spam rules. They use the blocklist domain names of the International Anti-Spam Alliance, which have been personally tested to be valid, so they must be added.
reject_rbl_client cblless.anti-spam.org.cn
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dyna.spamrats.com
reject_rbl_client auth.spamrats.com
reject_rbl_client cbl.abuseat.org
Third, protection against denial of service, using the following three parameters
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 10
postfix keeps a count of the errors each client has made. For suspicious clients, postfix deliberately delays its responses, and the more errors, the longer the delay. This behaviour is set by the parameters above.
Parameter description: the initial delay is determined by the smtpd_error_sleep_time parameter (default 1 second). Once the client has accumulated smtpd_soft_error_limit errors, postfix delays by 1 second each time a further error occurs. When the number of errors exceeds smtpd_hard_error_limit, postfix gives up on the client and disconnects.
Fourth, configure a blacklist and a whitelist, to reduce the number of important customers' e-mails that get treated as spam. This uses the following two parameters
check_client_access hash:/etc/postfix/client_checks
check_sender_access hash:/etc/postfix/sender_checks
postfix uses these two quite different parameters to implement the whitelist and blacklist. client_checks blocks by client IP, IP range or hostname.
sender_checks blocks by the sender's e-mail address (the envelope from address). It is recommended to add the mail domain names and addresses of frequent customers to the sender_checks file. OK allows, REJECT denies.
Because both lookups come before the reject_rbl_client and check_policy_service entries in smtpd_recipient_restrictions, an OK result skips those later checks for the matching client or sender.
Whenever either of the two files changes, remember to run the postmap command so that postfix can find the changes.
[root@ postfix]# postmap /etc/postfix/client_checks
[root@ postfix]# postmap /etc/postfix/sender_checks
[root@ postfix]# cat sender_checks
gmail.com OK
example.com REJECT env. from addr any@example.com rejected
.example.com REJECT env. from addr any@sub.example.com rejected
user@example.com REJECT We don't want your email
[root@ postfix]# cat client_checks
61.145.211.19 OK
.example.com REJECT No spammers, from your subdomain
Fifth, SPF anti-spam verification.
check_policy_service unix:private/policy-spf
For SPF verification of a given domain name, a TXT DNS record has to be created for it in the domain name management center.
Sixth, check the mail headers and filter mail with specified content.
header_checks = pcre:/etc/postfix/header_checks
Mail header check. Mail that fails SPF verification is rejected outright.
[root@ postfix]# cat /etc/postfix/header_checks
/Received-SPF: softfail/ REJECT
Seventh, mailbox size and attachment limits.
message_size_limit = 41943040
mailbox_size_limit = 500000000
mailbox_size_limit limits the size of a user's mail directory, that is, the amount of mail that can be saved on the server, here 500M. message_size_limit limits the size of a single message: 41943040/1024/1024 = 40M
The attached main.cf file has SPF anti-spam verification added and can be used directly
Generate the /etc/postfix/aliases alias database, which resolves the "NIS domain name not set - NIS lookups disabled" warning message
[root@ postfix]# touch /etc/postfix/aliases
[root@ postfix]# postalias /etc/postfix/aliases
The following two lines can be added to main.cf
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
=
Then make the following configuration
Configure SPF in Postfix to prevent sender spoofing
http://www.haiyun.me/archives/postfix-spf-spoof.html (reference article)
First, log in to the public "Domain name Management Center" and add a TXT record with the value v=spf1 mx -all
Also configure the MX and other records so that mail can be sent and received. Set the five items boxed in red in the figure below.
[root@ postfix]# yum install perl-Mail-SPF perl-Sys-Hostname-Long
[root@ postfix]# wget https://launchpad.net/postfix-policyd-spf-perl/trunk/release2.010/+download/postfix-policyd-spf-perl-2.010.tar.gz
[root@ postfix]# tar zxvf postfix-policyd-spf-perl-2.010.tar.gz
[root@ postfix]# mv postfix-policyd-spf-perl-2.010/postfix-policyd-spf-perl /usr/sbin/
[root@ postfix]# chmod +x /usr/sbin/postfix-policyd-spf-perl
Enable the postfix-policyd-spf-perl service:
[root@ postfix]# vi /etc/postfix/master.cf
## spf check
policy-spf unix - n n - - spawn
    user=nobody argv=/usr/sbin/postfix-policyd-spf-perl
Edit the Postfix main configuration file to add the SPF filtering rule:
[root@ postfix]# vi /etc/postfix/main.cf
smtpd_recipient_restrictions =
    permit_mynetworks
    ...
    check_policy_service unix:private/policy-spf,permit
View the mail log
[root@ postfix]# tail -f /var/log/maillog
# A correct record looks like the following; Received-SPF: pass indicates success.
Jun 7 17:25:56 host-cn postfix/smtpd[12947]: connect from smtpbg331.qq.com[14.17.43.223]
Jun 7 17:26:04 host-cn postfix/policy-spf[12952]: Policy action=PREPEND Received-SPF: pass (qq.com: Sender is authorized to use '3700488@qq.com' in 'mfrom' identity (mechanism 'include:spf.mail.qq.com' matched)) receiver=unknown; identity=mailfrom; envelope-from="3700488@qq.com"; helo=smtpbg331.qq.com; client-ip=14.17.43.223
Jun 7 17:26:04 host-cn postfix/smtpd[12947]: 05CBEC0E16: client=smtpbg331.qq.com[14.17.43.223]
Jun 7 17:26:04 host-cn postfix/cleanup[12955]: 05CBEC0E16: message-id=
Jun 7 17:26:04 host-cn postfix/qmgr[12946]: 05CBEC0E16: from=, size=2286, nrcpt=1 (queue active)
Jun 7 17:26:04 host-cn postfix/smtpd[12947]: disconnect from smtpbg331.qq.com[14.17.43.223]
Jun 7 17:26:04 host-cn postfix/local[12956]: 05CBEC0E16: to=, relay=local, delay=7.6, delays=7.6/0.01/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
Jun 7 17:26:04 host-cn postfix/qmgr[12946]: 05CBEC0E16: removed
# The following is an error record
postfix/policy-spf[15857]: Policy action=PREPEND Received-SPF: softfail (www.haiyun.me: Sender is not authorized by default
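The policy-spf records shown above can be tallied per sending domain, which shows who would be hit by the softfail rule in header_checks. This is an added example, not part of the original article: the log lines are constructed in the format shown above, and the function names spf_summary and spf_not_pass are hypothetical.

```shell
#!/bin/sh
# Added example: tally the SPF verdicts that postfix/policy-spf writes to the maillog.

# spf_summary FILE: print "<count> <verdict> <sender-domain>" for each pair, sorted.
spf_summary() {
    awk '
    /postfix\/policy-spf/ && /Received-SPF: / {
        # the verdict is the first word after "Received-SPF: "
        v = $0; sub(/.*Received-SPF: /, "", v); sub(/[ (].*/, "", v)
        d = "-"                       # used when the line has no envelope-from
        if (match($0, /envelope-from="?[^";]*@[^";]+/)) {
            d = substr($0, RSTART, RLENGTH); sub(/.*@/, "", d)
        }
        n[tolower(v) " " tolower(d)]++
    }
    END { for (k in n) print n[k], k }' "$1" | LC_ALL=C sort -k2,2 -k3,3
}

# spf_not_pass FILE: sender domains with at least one verdict other than "pass".
spf_not_pass() {
    spf_summary "$1" | awk '$2 != "pass" { print $3 }' | LC_ALL=C sort -u
}

# Constructed sample log (documentation domains and addresses, not real traffic).
sample=$(mktemp) && trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Jun  7 17:25:56 mx postfix/smtpd[2101]: connect from out.example.org[192.0.2.10]
Jun  7 17:26:04 mx postfix/policy-spf[2105]: Policy action=PREPEND Received-SPF: pass (example.org: Sender is authorized) receiver=unknown; identity=mailfrom; envelope-from="a@example.org"; helo=out.example.org; client-ip=192.0.2.10
Jun  7 17:27:10 mx postfix/policy-spf[2105]: Policy action=PREPEND Received-SPF: pass (example.org: Sender is authorized) receiver=unknown; identity=mailfrom; envelope-from="b@example.org"; helo=out.example.org; client-ip=192.0.2.10
Jun  7 17:31:42 mx postfix/policy-spf[2117]: Policy action=PREPEND Received-SPF: softfail (example.net: Sender is not authorized by default) receiver=unknown; identity=mailfrom; envelope-from="x@example.net"; helo=host1; client-ip=198.51.100.7
Jun  7 17:33:05 mx postfix/policy-spf[2117]: Policy action=PREPEND Received-SPF: softfail (example.net: Sender is not authorized by default) receiver=unknown; identity=mailfrom; envelope-from="y@EXAMPLE.NET"; helo=host1; client-ip=198.51.100.7
Jun  7 17:40:19 mx postfix/policy-spf[2130]: Policy action=PREPEND Received-SPF: none (example.com: No applicable sender policy available) receiver=unknown; identity=mailfrom; envelope-from="z@example.com"; helo=host2; client-ip=203.0.113.5
EOF

spf_summary "$sample"
echo "domains not passing SPF: $(spf_not_pass "$sample" | tr '\n' ' ')"
```

On the server, pass /var/log/maillog instead of the sample file.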
Add postfix to the root group
[root@ postfix]# usermod -G root postfix
Check the configuration file again by running /usr/sbin/postconf -n
Set postfix as the MTA
[root@ postfix]# alternatives --set mta /usr/sbin/sendmail.postfix
How to view the MTA:
[root@ postfix]# alternatives --display mta
Set Postfix to start at boot
[root@ postfix]# chkconfig --add postfix
[root@ postfix]# chkconfig postfix on
[root@ postfix]# chkconfig saslauthd on
Check whether the authentication packages are installed
[root@ postfix]# rpm -qa | grep cyrus
cyrus-sasl-lib-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-md5-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-devel-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-2.1.23-15.el6_6.2.x86_64
cyrus-sasl-plain-2.1.23-15.el6_6.2.x86_64
Configure the authentication mechanism by adding the following three lines to the file
[root@ postfix]# vi /etc/sasl2/smtpd.conf
log_level: 3
pwcheck_method: saslauthd
mech_list: plain login
[root@ postfix]# vi /etc/sysconfig/saslauthd
The file contains the following two lines
MECH=shadow
FLAGS=
Restart the authentication service
[root@ postfix]# service saslauthd start
Add an account for the mail user
[root@ postfix]# groupadd mail    (create a new mail user group)
[root@ postfix]# useradd -g mail -s /sbin/nologin evan    (create the user evan in the mail group, not allowed to log in over SSH)
[root@ postfix]# passwd evan    (set the password of the user evan)
For the added mailbox user to have permissions under the /var/spool/mail directory, you need to:
[root@ postfix]# usermod -g mail evan    (set the primary group of the user evan to the mail group)
View the users in the mail group
[root@host-cn ~]# groups mail
mail : jack evan
Check which group a Linux user belongs to
[root@host-cn postfix]# id evan
uid=504(evan) gid=12(mail) groups=12(mail)
[root@host-cn postfix]# groups evan
evan : mail
If a user was created without restricting login and you now need to remove that user's login rights, you can do the following
vi /etc/passwd
Find the line of the user you want to modify, such as username:x:502:502::/home/username:/bin/bash
Change it to the following
username:x:502:502::/home/username:/sbin/nologin
Verify that password authentication works, in the following format, for example:
[root@ postfix]# testsaslauthd -u evan -p miserp007
0: OK "Success."
The result above indicates that the verification succeeded.
Start the postfix service
[root@ postfix]# service postfix start
=
II. Installation and configuration of dovecot
[root@ postfix]# yum install -y dovecot dovecot-devel dovecot-mysql pam-devel
View the version
[root@ postfix]# dovecot --version
2.0.9
You only need to configure the dovecot.conf file, use general authentication, and turn off SSL
[root@ dovecot]# vi /etc/dovecot/dovecot.conf
listen = *
protocols = pop3 imap
default_login_user = postfix
default_internal_user = postfix
disable_plaintext_auth = no
ssl = no
mail_privileged_group = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
userdb {
  driver = passwd
  args = blocking=no
}
passdb {
  driver = shadow
}
Rename the conf.d folder so that the configuration files in it are not used
[root@ dovecot]# cd /etc/dovecot/
[root@ dovecot]# mv conf.d conf.d.bak
Check the PAM authentication file, which does not need to be changed by default
[root@ dovecot]# vi /etc/pam.d/dovecot
auth required pam_nologin.so
auth include password-auth
account include password-auth
session include password-auth
Set dovecot to start at boot
[root@ dovecot]# service dovecot start
[root@ dovecot]# chkconfig dovecot on
[root@ dovecot]# chkconfig --add dovecot
Test whether you can log in to dovecot normally
[root@ dovecot]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user evan    (typed manually: the login user name)
+OK
pass miserp007    (typed manually: the user's password)
+OK Logged in.    (indicates that you have logged in)
quit    (log out)
+OK Logging out.
View the mail log
[root@ dovecot]# tail -f /var/log/maillog
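The dovecot.conf above sets ssl = no and disable_plaintext_auth = no, and the earlier main.cf enables SMTP AUTH with the plain and login mechanisms without any TLS setting, so POP3, IMAP and SMTP AUTH passwords are sent unencrypted. The added check below (not part of the original article; conf_get and audit_mail_auth are hypothetical helper names, and the TLS sample values and certificate paths are assumptions) reports those settings and shows a TLS-requiring counterpart that produces no findings.

```shell
#!/bin/sh
# Added example: report settings that allow mail passwords to be sent unencrypted.

# conf_get FILE KEY: print the value of the last top-level "KEY = value" line.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }          # text left of "=", blanks removed
        k == key { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v); val = v }
        END { print val }' "$1"
}

# audit_mail_auth MAIN_CF DOVECOT_CONF: print one "WEAK: ..." line per finding.
audit_mail_auth() {
    if [ "$(conf_get "$1" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$(conf_get "$1" smtpd_tls_auth_only)" != yes ]; then
        echo "WEAK: postfix offers SMTP AUTH without smtpd_tls_auth_only = yes"
    fi
    if [ "$(conf_get "$2" ssl)" = no ]; then
        echo "WEAK: dovecot ssl = no"
    fi
    if [ "$(conf_get "$2" disable_plaintext_auth)" = no ]; then
        echo "WEAK: dovecot disable_plaintext_auth = no"
    fi
    return 0
}

# Constructed sample files. The "page" pair copies the values used in this article.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/main.cf.page" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
cat > "$tmp/dovecot.conf.page" <<'EOF'
disable_plaintext_auth = no
ssl = no
EOF
# TLS-requiring counterparts: assumed values, certificate paths are placeholders.
cat > "$tmp/main.cf.tls" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file = /path/to/placeholder-cert.pem
smtpd_tls_key_file = /path/to/placeholder-key.pem
smtpd_tls_auth_only = yes
EOF
cat > "$tmp/dovecot.conf.tls" <<'EOF'
disable_plaintext_auth = yes
ssl = required
ssl_cert = </path/to/placeholder-cert.pem
ssl_key = </path/to/placeholder-key.pem
EOF

echo "== values from this article =="
audit_mail_auth "$tmp/main.cf.page" "$tmp/dovecot.conf.page"
echo "== TLS required =="
audit_mail_auth "$tmp/main.cf.tls" "$tmp/dovecot.conf.tls"
```

On the server, run audit_mail_auth /etc/postfix/main.cf /etc/dovecot/dovecot.conf.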
=
Third, install openwebmail
Create the openwebmail installation source
[root@ dovecot]# vi /etc/yum.repos.d/openwebmail.repo
[openwebmail]
## Thomas Chung
## 2008.05.29
name=Openwebmail for Fedora or Enterprise Linux
baseurl=http://openwebmail.org/openwebmail/download/redhat/rpm/release/
enabled=1
gpgcheck=1
gpgkey=http://openwebmail.org/openwebmail/download/redhat/rpm/release/RPM-GPG-KEY-openwebmail
#metadata_expire=0
[root@ dovecot]# yum install openwebmail
When the installation is complete, it prompts you to run openwebmail-tool.pl --init
[root@ dovecot]# cd /var/www/cgi-bin/openwebmail/
Change the contents of dbm.conf and save
[root@ openwebmail]# vi /var/www/cgi-bin/openwebmail/etc/dbm.conf
dbm_ext .db
dbmopen_ext .db
dbmopen_haslock no
[root@ openwebmail]# cd /var/www/cgi-bin/openwebmail/
Perform initialization
[root@ openwebmail]# ./openwebmail-tool.pl --init
Send the site report?(Y/n)    (answer y)
This completes the installation process
Modify the openwebmail language options
[root@ openwebmail]# cd /var/www/cgi-bin/openwebmail/etc
[root@ etc]# vi openwebmail.conf
domainnames dongying.com    (change auto to your company's domain name, here dongying.com)
default_language auto    (change en to auto)
default_iconset Cool3D.Chinese.Simplified
[root@ etc]# cd /var/www/cgi-bin/openwebmail/etc/defaults
[root@ defaults]# vi openwebmail.conf
domainnames dongying.com
smtpserver 127.0.0.1
Make Open WebMail the default web page of the server
[root@ defaults]# cd /var/www/cgi-bin/openwebmail
[root@ openwebmail]# vi index.html
Install apache and modify the configuration file
[root@ openwebmail]# yum install httpd
[root@ openwebmail]# vi /etc/httpd/conf/httpd.conf
ServerName mail.dongying.com:82
Listen 82
DocumentRoot "/var/www/cgi-bin/openwebmail"
AddHandler cgi-script .cgi .pl
Install the character-encoding module
[root@ openwebmail]# wget ftp://ftp.devil-linux.org/pub/devel/sources/1.4/perl-ext/MIME-Base64-3.09.tar.gz
[root@]# tar -xzvf MIME-Base64-3.09.tar.gz
[root@]# cd MIME-Base64-3.09
[root@ MIME-Base64-3.09]# perl Makefile.PL
Checking if your kit is complete...
Looks good
Writing Makefile for MIME::Base64
[root@ MIME-Base64-3.09]# make
[root@ openwebmail]# service httpd restart
Enable at boot
[root@ openwebmail]# chkconfig httpd on
Either stop the firewall or open the designated ports 25, 82, 110 and 143
[root@ openwebmail]# service iptables stop
[root@ openwebmail]# vi /etc/sysconfig/iptables
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 82 -j ACCEPT
[root@ openwebmail]# service iptables restart
Then you can open it directly in the browser.
http://mail.dongying.com:82
=
Regularly back up the maillog file and delete backups older than 15 days, to keep the maillog file from growing too large and wasting hard disk space
[root@postfix]# vi /etc/postfix/clearmaillog
#!/bin/sh
# clear maillog and Backup. by evanli
# date stamp used in the backup file name, e.g. 2017-06-08
rq=`date +%Y-%m-%d`
service postfix stop
service dovecot stop
mv /var/log/maillog /var/log/maillog-$rq.bak
# restart rsyslog so that it opens a new /var/log/maillog
service rsyslog restart
service postfix start
service dovecot start
# delete backups older than 15 days
find /var/log -mtime +15 -name "mail*.bak" -exec rm -rf {} \;
The generated backup log file name has the format maillog-2017-06-08.bak
Make the script executable
[root@ postfix]# chmod +x clearmaillog
Install the scheduling and time synchronization services
[root@postfix]# yum install crontabs ntpdate
Disable the ntpd service that comes with the system
[root@postfix]# service ntpd stop
[root@postfix]# chkconfig ntpd off
Add the following 2 lines to the end of the file
[root@host-cn postfix]# vi /etc/crontab
55 23 * * 0 root /etc/postfix/clearmaillog
0 */1 * * * root /usr/sbin/ntpdate 0.pool.ntp.org > /dev/null 2>&1
At 23:55 every Sunday night, back up maillog and erase old files.
Synchronize the system time every hour
Restart the scheduling service
[root@ postfix]# /sbin/service crond restart
=
Mail log analysis tool pflogsumm
1. pflogsumm features:
Statistics of messages received, delivered, forwarded, deferred, bounced, rejected, held, discarded
Statistics of senders and recipients
Statistics of sending and receiving hosts / domain names
Statistics of the number of SMTPD connections
.
2. Installation
# yum install postfix-pflogsumm
3. Use
Statistics for today
# pflogsumm -d today /var/log/maillog
Statistics for yesterday
# pflogsumm -d yesterday /var/log/maillog
4. Use a scheduled task to generate reports
The mail system log statistics report for the same day will be sent to the administrator's mailbox at 23:53 every evening.
Add the following line to the end of the file
[root@ postfix]# vi /etc/crontab
53 23 * * * root /usr/sbin/pflogsumm -d today /var/log/maillog 2>&1 | mail -s "daily mail stats" evan@dongying.com
More ways to use pflogsumm:
# man pflogsumm
Finally, when using Outlook 2013 or Foxmail to receive mail, be sure to check "My outgoing server (SMTP) requires authentication". In addition, the user name must be entered as shown in the picture below.
Attachment: http://down.51cto.com/data/2366734