- 論壇徽章:
- 0
|
rhel5之postfix郵件服務(wù)器基本應(yīng)用配置
這里只講postfix的配置,dovecot的配置請(qǐng)參見(jiàn)我的另一篇日志:
rhel5之sendmail�����、dovecot配置
一��、安裝:
[root@server2 ~]# yum -y install postfix wireshark
停止�、禁止sendmail服務(wù):
[root@server2 ~]# service sendmail stop
[root@server2 ~]# chkconfig sendmail off
指定postfix作為你的MTA:
[root@server2 ~]# alternatives --config mta
There are 2 programs which provide 'mta'.
Selection Command
-----------------------------------------------
*+ 1 /usr/sbin/sendmail.sendmail
2 /usr/sbin/sendmail.postfix
Enter to keep the current selection[+], or type selection number: 2
啟動(dòng)postfix服務(wù):
[root@server2 ~]# service postfix start
[root@server2 ~]# chkconfig postfix on
二、配置:
postfix的配置文件是main.cf,位于/etc/postfix目錄下:
[root@server2 postfix]# ls
access canonical header_checks main.cf makedefs.out postfix-files post-install TLS_LICENSE virtual
bounce.cf.default generic LICENSE main.cf.default master.cf postfix-script relocated transport
編輯main.cf文件:
[root@server2 postfix]# vi main.cf
找到以下行��,大概位于69行:
#myhostname = host.domain.tld��,修改為你自己的主機(jī)名,我這里是:
myhostname = rhel5.com.cn
在第78行:
#mydomain = domain.tld修改為:
mydomain = rhel5.com.cn
修改第112行:
將#inet_interfaces = localhost行改為你的IP地址�����,我的如下:
inet_interfaces = 192.168.1.12, 127.0.0.1
修改第157行:
mydestination = $myhostname, localhost.$mydomain, localhost改為如下:
mydestination =$myhostname, localhost.$mydomain, localhost, mail.$mydomain
去掉第94,95行的注釋符號(hào):
myorigin = $myhostname
myorigin = $mydomain
三�、開啟 postfix的SASL and PAM認(rèn)證:
編輯/etc/postfix/main.cf文件,加入以下行:
smtpd_sasl_auth_enable = yes //啟用sasl驗(yàn)證
smtpd_sasl_security_options = noanonymous //設(shè)定驗(yàn)證機(jī)制��,拒絕匿名用戶
broken_sasl_auth_clients = yes //
smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
啟動(dòng)saslauthd進(jìn)程:
[root@server2 postfix]# service saslauthd start
[root@server2 postfix]# chkconfig saslauthd on
[root@server2 postfix]# chkconfig --list saslauthd
saslauthd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
接著是設(shè)置PAM認(rèn)證:
編輯 /etc/sysconfig/saslauthd文件�,設(shè)置如下:
MECH=pam
重啟postfix服務(wù)程序:
[root@server2 postfix]#service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
四、讓postfix支持ssl加密認(rèn)證:
1)��、創(chuàng)建smtpd.pem文件:
[root@server2 ~]#cd /etc/postfix
[root@server2 postfix]#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
[root@server2 postfix]# ll
total 336
-rw-r--r-- 1 root root 17832 Aug 11 2008 access
-rw-r--r-- 1 root root 3550 Aug 11 2008 bounce.cf.default
-rw-r--r-- 1 root root 11175 Aug 11 2008 canonical
-rw-r--r-- 1 root root 9920 Aug 11 2008 generic
-rw-r--r-- 1 root root 16838 Aug 11 2008 header_checks
-rw-r--r-- 1 root root 11942 Aug 11 2008 LICENSE
-rw-r--r-- 1 root root 27493 Apr 7 21:31 main.cf
-rw-r--r-- 1 root root 17981 Aug 11 2008 main.cf.default
-rw-r--r-- 1 root root 958 Aug 11 2008 makedefs.out
-rw-r--r-- 1 root root 4134 Apr 7 21:23 master.cf
-rw-r--r-- 1 root root 17639 Aug 11 2008 postfix-files
-rwxr-xr-x 1 root root 6366 Aug 11 2008 postfix-script
-rwxr-xr-x 1 root root 22564 Aug 11 2008 post-install
-rw------- 1 root root 1024 Apr 7 21:37 prng_exch
-rw-r--r-- 1 root root 6805 Aug 11 2008 relocated
-rw-r--r-- 1 root root 2168 Apr 7 21:19 smtpd.pem
-rw-r--r-- 1 root root 1629 Aug 11 2008 TLS_LICENSE
-rw-r--r-- 1 root root 12081 Aug 11 2008 transport
-rw-r--r-- 1 root root 11984 Aug 11 2008 virtual
2)�、編輯/etc/postfix/main.cf文件,加入以下內(nèi)容:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/postfix/smtpd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
保存退出�����!
3)�����、編輯/etc/postfix/master.cf文件��,確認(rèn)以下內(nèi)容沒(méi)有被注釋掉:
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
這里對(duì)應(yīng)的端口是465端口����,如果還存在以下內(nèi)容的話���,則系統(tǒng)會(huì)同時(shí)打開25端口的:
smtp inet n - n - - smtpd
注釋掉此行的話,系統(tǒng)只打開465端口�����!
4)��、重啟postfix服務(wù):
[root@server2 postfix]# service postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
5)���、檢查下相應(yīng)的端口是否打開:
[root@server2 postfix]# netstat -nutpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3045/hpiod
tcp 0 0 192.168.1.12:993 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:995 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:110 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 192.168.1.12:143 0.0.0.0:* LISTEN 3119/dovecot
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2737/portmap
tcp 0 0 192.168.1.12:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:465 0.0.0.0:* LISTEN 13056/master
tcp 0 0 192.168.1.12:53 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 3086/cupsd
tcp 0 0 192.168.1.12:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 13056/master
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 2707/named
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3050/python
tcp 0 0 :::22 :::* LISTEN 3070/sshd
tcp 0 0 ::1:953 :::* LISTEN 2707/named
udp 0 0 192.168.1.12:53 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:69 0.0.0.0:* 3103/xinetd
udp 0 0 0.0.0.0:35146 0.0.0.0:* 2707/named
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2737/portmap
udp 0 0 0.0.0.0:631 0.0.0.0:* 3086/cupsd
udp 0 0 0.0.0.0:50298 0.0.0.0:* 3329/avahi-daemon:
udp 0 0 :::39057 :::* 3329/avahi-daemon:
udp 0 0 :::58033 :::* 2707/named
udp 0 0 :::5353 :::* 3329/avahi-daemon:
本文來(lái)自ChinaUnix博客�����,如果查看原文請(qǐng)點(diǎn):http://blog.chinaunix.net/u1/36549/showart_1894803.html |
|
免費(fèi)注冊(cè)
發(fā)表于 2009-04-08 23:06
