> 搭建內部郵箱服務器,可以在員工離職時回收郵箱,避免文件泄露。
## 配置postfix
```
# 設置主機名
[root@localhost ~]# hostnamectl --static set-hostname mail.hellopasswd.com
# 查看主機名
[root@mail ~]# hostname
```
> CentOS 7默認情況下已安裝postfix
```
# 檢測系統是否安裝postfix
[root@mail ~]# rpm -q postfix
# 安裝postfix
[root@mail ~]# yum install -y postfix
# 檢查postfix是否支持dovecot代理(輸出的SASL類型列表中應包含dovecot)
[root@mail ~]# postconf -a
```
```
# 修改postfix的主配置文件main.cf
[root@mail ~]# vi /etc/postfix/main.cf
將#myhostname = host.domain.tld去除注釋并修改為myhostname = mail.hellopasswd.com #修改主機名
將#mydomain = domain.tld去除注釋并修改為mydomain = hellopasswd.com #設置域名
將#myorigin = $myhostname去除注釋并修改為myorigin = $mydomain #設置發送郵件時mail from的值
去除注釋#inet_interfaces = all為inet_interfaces = all #設置監聽所有服務器接口
并將inet_interfaces = localhost注釋為#inet_interfaces = localhost
在mydestination = $myhostname, localhost.$mydomain, localhost后添加$mydomain為mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain #設置郵件服務器可以接受哪些郵件
將#mynetworks = 168.100.189.0/28, 127.0.0.0/8去除注釋并修改為mynetworks = 192.168.37.0/24, 127.0.0.0/8 #設置該服務器可以轉發郵件的網絡(該網段內的主機無需認證即可經本服務器轉發郵件,只應填寫可信的內部網段)
將#relay_domains = $mydestination去除注釋并修改為relay_domains = $mydomain #該郵件服務器可以轉發的郵件域名,表示該服務器可以轉發本域名內的所有郵件
去除注釋#home_mailbox = Maildir/為home_mailbox = Maildir/ #設置郵件的存儲位置,為每一個郵件保存成一個文件
# 檢查是否存在語法錯誤
[root@mail ~]# postfix check
```
```
# 開放smtp所使用的TCP端口
[root@mail ~]# firewall-cmd --permanent --add-port=25/tcp
# 開放postfix所使用的smtp協議
[root@mail ~]# firewall-cmd --permanent --add-service=smtp
# 加載防火墻
[root@mail ~]# firewall-cmd --reload
# 啟動postfix服務
[root@mail ~]# systemctl start postfix
# 設置開機自啟
[root@mail ~]# systemctl enable postfix
# 查看postfix運行狀態
[root@mail ~]# systemctl status postfix
```
## 配置dovecot
```
# 安裝dovecot
[root@mail ~]# yum install -y dovecot
# 檢查dovecot是否安裝成功
[root@mail ~]# rpm -q dovecot
```
```
# 修改dovecot服務配置
[root@mail ~]# vi /etc/dovecot/dovecot.conf
去除注釋#protocols = imap pop3 lmtp為protocols = imap pop3 lmtp #指定支持的收件協議
去除注釋#listen = *, ::為listen = *, :: #監聽本機的所有網絡接口
將#login_trusted_networks =去除注釋并添加login_trusted_networks = 192.168.37.0/24 #指定允許登錄的網絡地址,表示與服務器同一網段都允許登錄(注意:該參數不是訪問控制列表,不會阻止其他網段登錄;它把這些網段標記為可信,來自其中的連接即使開啟disable_plaintext_auth也允許明文認證)
# 修改郵件存儲位置
[root@mail ~]# vi /etc/dovecot/conf.d/10-mail.conf
去除注釋# mail_location = maildir:~/Maildir為mail_location = maildir:~/Maildir #表示存儲郵件時,每一個郵件存儲成一個文件
```
```
# 開放pop3協議
[root@mail ~]# firewall-cmd --permanent --add-service=pop3
# 開放pop3協議端口號
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
# 開放imap協議
[root@mail ~]# firewall-cmd --permanent --add-service=imap
# 開放imap協議端口號
[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
# 加載防火墻
[root@mail ~]# firewall-cmd --reload
```
```
# 啟動dovecot服務
[root@mail ~]# systemctl start dovecot
# 加入開機自啟
[root@mail ~]# systemctl enable dovecot
# 查看狀態
[root@mail ~]# systemctl status dovecot
```
## 郵件服務器創建用戶以及使用telnet服務
```
# 服務器端創建測試用戶組mail
[root@mail ~]# groupadd mail
# 創建測試用戶user1
[root@mail ~]# useradd -g mail -s /sbin/nologin user1
# 創建測試用戶user2
[root@mail ~]# useradd -g mail -s /sbin/nologin user2
# 設置測試用戶密碼(123僅用於本次測試;這些是可登錄郵箱的系統賬號,正式環境必須使用強密碼)
[root@mail ~]# passwd user1
123
[root@mail ~]# passwd user2
123
```
```
# 服務器安裝telnet服務器(注意:telnet-server提供的是23端口的遠程登錄服務,賬號密碼以明文傳輸;后面的收發測試只用到客戶端的telnet程序連接25/110端口,并不依賴它,如非必要可跳過本段,不必開放23端口)
[root@mail ~]# yum install -y telnet-server
# 啟動telnet服務
[root@mail ~]# systemctl start telnet.socket
# 將telnet服務設置為開機自啟
[root@mail ~]# systemctl enable telnet.socket
# 開放telnet服務
[root@mail ~]# firewall-cmd --permanent --add-service=telnet
# 開放telnet端口
[root@mail ~]# firewall-cmd --permanent --add-port=23/tcp
# 重新加載防火墻
[root@mail ~]# firewall-cmd --reload
```
## 客戶端收發郵件測試
```
# 客戶端安裝telnet軟件
[root@localhost ~]# yum install telnet.x86_64
# 硬解析
[root@localhost ~]# vi /etc/hosts
添加192.168.37.137 mail.hellopasswd.com #添加服務器IP以及郵箱解析域名
# 連接郵件服務器的25端口,進行客戶端發送郵件測試
[root@localhost ~]# telnet mail.hellopasswd.com 25
mail from:user1@hellopasswd.com #告知發件人
rcpt to:user2@hellopasswd.com #告知收件人
DATA #告知服務器要開始傳送數據
subject:The first mail #郵件主題
Hello World! #內容
. #郵件以點結束
quit #退出郵件服務器
```
```
# 客戶端連接服務器的110端口,進行客戶端接收郵件測試
[root@localhost ~]# telnet mail.hellopasswd.com 110
user user2 #收件人用戶名user2
pass 123 #user2的密碼
list #列出郵箱中的所有郵件
retr 1 #檢索第一封郵件
quit #退出并結束telnet會話
```
## 常見故障
```
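# 接收郵件填寫用戶名時出現報錯信息
-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
# 解決方法(僅適用於隔離的測試環境:以下修改會關閉TLS并允許明文認證,郵箱密碼將以明文在網絡上傳輸;正式環境應保留disable_plaintext_auth = yes和ssl = required,測試時可改用openssl s_client -starttls pop3 -connect mail.hellopasswd.com:110代替telnet)
[root@mail ~]# vi /etc/dovecot/conf.d/10-auth.conf
將#disable_plaintext_auth = yes去除注釋并修改為disable_plaintext_auth = no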
[root@mail ~]# vi /etc/dovecot/conf.d/10-ssl.conf
將ssl = required修改為ssl = no
[root@mail ~]# systemctl restart dovecot
```
```
# 完整發送郵件內容
[root@localhost ~]# telnet 192.168.37.137 25
Trying 192.168.37.137...
Connected to 192.168.37.137.
Escape character is '^]'.
220 mail.hellopasswd.com ESMTP Postfix
mail from:user1@hellopasswd.com
250 2.1.0 Ok
rcpt to:user2@hellopasswd.com
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
subject:The first mail
Hello World!
.
250 2.0.0 Ok: queued as 9CE072019CD6
quit
221 2.0.0 Bye
Connection closed by foreign host.
# 完整接收郵件內容
[root@localhost ~]# telnet 192.168.37.137 110
Trying 192.168.37.137...
Connected to 192.168.37.137.
Escape character is '^]'.
+OK Dovecot ready.
user user2
+OK
pass 123
+OK Logged in.
list
+OK 1 messages:
1 335
.
retr 1
+OK 335 octets
Return-Path: <user1@hellopasswd.com>
X-Original-To: user2@hellopasswd.com
Delivered-To: user2@hellopasswd.com
Received: from unknown (unknown [192.168.37.110])
by mail.hellopasswd.com (Postfix) with SMTP id 9CE072019CD6
for <user2@hellopasswd.com>; Thu, 30 Jul 2020 10:00:40 +0800 (CST)
subject:The first mail
Hello World!
.
quit
+OK Logging out.
Connection closed by foreign host.
```
## 配置空殼郵件服務器作為郵件代理
```
# 空殼郵件服務的主機設置為Null
[root@localhost ~]# hostnamectl --static set-hostname Null.hellopasswd.com
# 查看主機名
[root@Null ~]# hostname
```
```
# 修改postfix的主配置文件main.cf
[root@Null ~]# vi /etc/postfix/main.cf
將#myhostname = host.domain.tld去除注釋并修改為myhostname = Null.hellopasswd.com #修改郵件服務器主機名
將#mydomain = domain.tld去除注釋并修改為mydomain = hellopasswd.com #修改空殼服務器所在的域
將#myorigin = $myhostname去除注釋并修改為myorigin = Null.com #設置郵件服務器發送郵件時mail from的值
去除注釋#inet_interfaces = all為inet_interfaces = all #修改服務器的監聽接口
并將inet_interfaces = localhost注釋為#inet_interfaces = localhost
將mydestination = $myhostname, localhost.$mydomain, localhost修改為mydestination = #由于空殼郵件服務器不接收任何郵件,因此將mydestination的值設置為空
將#mynetworks = 168.100.189.0/28, 127.0.0.0/8去除注釋并修改為mynetworks = 192.168.37.0/24, 127.0.0.0/8 #修改郵件服務器可以轉發郵件的網絡ip地址
將#relayhost = [an.ip.add.ress]去除注釋并修改為relayhost = 192.168.37.137 #修改郵件可以轉發到指定的服務器
# 檢查是否存在語法錯誤
[root@Null ~]# postfix check
```
```
# 開放smtp協議服務
[root@Null ~]# firewall-cmd --permanent --add-service=smtp
# 開放smtp協議的TCP的25端口
[root@Null ~]# firewall-cmd --permanent --add-port=25/tcp
# 重新加載防火墻
[root@Null ~]# firewall-cmd --reload
# 啟動postfix服務
[root@Null ~]# systemctl start postfix
# 加入開機自啟
[root@Null ~]# systemctl enable postfix
# 查看postfix運行狀態
[root@Null ~]# systemctl status postfix
```
## 空殼郵件服務器發送郵件測試
```
# 通過安裝mailx使用mail命令在空殼郵件服務器進行發送郵件測試
[root@Null ~]# yum install -y mailx
[root@Null ~]# mail user2@hellopasswd.com #發送郵件給user2
Subject: The last mail #郵件主題
Goodbye! #郵件內容
. #郵件內容以點結束
# 查看日志是否發送郵件成功
[root@Null ~]# cat /var/log/maillog
Jul 28 02:32:19 localhost postfix/postfix-script[2567]: starting the Postfix mail system
Jul 28 02:32:19 localhost postfix/master[2584]: daemon started -- version 2.10.1, configuration /etc/postfix
Jul 28 06:07:11 localhost postfix/pickup[19974]: 9234A20E472E: uid=0 from=<root>
Jul 28 06:07:11 localhost postfix/cleanup[20036]: 9234A20E472E: message-id=<20200727220711.9234A20E472E@Null.hellopasswd.com>
Jul 28 06:07:11 localhost postfix/qmgr[2602]: 9234A20E472E: from=<root@Null.com>, size=447, nrcpt=1 (queue active)
Jul 28 06:07:13 localhost postfix/smtp[20038]: 9234A20E472E: to=<user2@hellopasswd.com>, relay=192.168.37.137[192.168.37.137]:25, delay=2.4, delays=0.09/0.05/2.2/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 7BFB92019CD6)
Jul 28 06:07:13 localhost postfix/qmgr[2602]: 9234A20E472E: removed
```
## 客戶端接收郵件測試
```
# 客戶端硬解析
[root@localhost ~]# vi /etc/hosts
添加192.168.37.137 mail.hellopasswd.com #添加服務器IP以及郵箱解析域名
# 客戶端通過110端口連接dovecot服務接收郵件測試
[root@localhost ~]# telnet mail.hellopasswd.com 110
Trying 192.168.37.137...
Connected to mail.hellopasswd.com.
Escape character is '^]'.
+OK Dovecot ready.
user user2
+OK
pass 123
+OK Logged in.
list
+OK 2 messages:
1 335
2 748
.
retr 2
+OK 748 octets
Return-Path: <root@Null.com>
X-Original-To: user2@hellopasswd.com
Delivered-To: user2@hellopasswd.com
Received: from Null.hellopasswd.com (unknown [192.168.37.110])
by mail.hellopasswd.com (Postfix) with ESMTP id 7BFB92019CD6
for <user2@hellopasswd.com>; Thu, 30 Jul 2020 11:03:51 +0800 (CST)
Received: by Null.hellopasswd.com (Postfix, from userid 0)
id 9234A20E472E; Tue, 28 Jul 2020 06:07:11 +0800 (CST)
Date: Tue, 28 Jul 2020 06:07:11 +0800
To: user2@hellopasswd.com
Subject: The last mail
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20200727220711.9234A20E472E@Null.hellopasswd.com>
From: root@Null.com (root)
Goodbye!
.
quit
+OK Logging out.
Connection closed by foreign host.
```