- 浏览: 1233626 次
- 性别:
- 来自: 上海
文章分类
最新评论
-
lankk:
lankk 写道事实上,在运行String s1=new St ...
理解String 及 String.intern() 在实际中的应用 -
lankk:
事实上,在运行String s1=new String(&qu ...
理解String 及 String.intern() 在实际中的应用 -
lankk:
同意1楼的说法http://docs.oracle.com/j ...
理解String 及 String.intern() 在实际中的应用 -
raoyutao:
...
jdk 线程池 ThreadPoolExecutor -
hongdanning:
理解了。之前困惑的一些明白了。谢谢分享。
理解String 及 String.intern() 在实际中的应用
基本上是按照 http://flurdy.com/docs/postfix 这个教程做的
推荐初次搭建邮件服务器的人看的书
LINUX系统管理技术手册(第2版)
POSTFIX权威指南
这2本书里面讲了很多邮件服务器方面的基本概念,不明白的话配置文件的时候简直像猜大小
写几点要注意的地方
ln -s /tmp/mysql.sock /var/run/mysqld/mysqld.sock
配置postfix邮件系统要很多配置文件, 里面的某些配置文件里面是不会自动trim()的, 如:
xxx = mysql
有一个认证模块的配置文件里面我在mysql后面多了一个空格,结果log一直提示我mysql模块未安装,
其实它说的是'mysql '模块,注意到没,引号里有一个空格,这个错误弄了老半天,最后在网上看到老外也提到了这点,才试着一个个去去除空格,结果就好了。。。
还有一个,就是配置ssl,生成证书的时候,他会让你写一些信息, 如下
Country Name (2 letter code) [AU]:cn
State or Province Name (full name) [Some-State]:sh
Locality Name (eg, city) []:pd
Organization Name (eg, company) [Internet Widgits Pty Ltd]:company
Organizational Unit Name (eg, section) []:section
Common Name (eg, YOUR name) []:yourdomain.com
Email Address []:xxx@gmail.com
这里的Common Name一定要和你的邮件服务器的名字一样,其他无所谓, 这里也是碰壁了,网上查了才知道的,原文没有提到
最后就配置了mysql+postfix+sasl_ssl,配置文件记一下
vi /etc/mailname
mailserver.com
vi /etc/postfix/main.cf
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/postfix/postfix.cert smtpd_tls_key_file=/etc/postfix/postfix.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtp_tls_security_level = may smtpd_tls_security_level = may smtp_tls_note_starttls_offer = yes smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = mailserver.com myorigin = mailserver.com relayhost = mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all mynetworks_style = host local_recipient_maps = mydestination = alias_maps = hash:/etc/postfix/aliases alias_database = hash:/etc/postfix/aliases virtual_mailbox_base = /var/spool/mail/virtual virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf virtual_uid_maps = static:5000 virtual_gid_maps = static:5000 smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit smtpd_sender_restrictions =permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit #smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org smtpd_recipient_restrictions = reject_unauth_pipelining, permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_data_restrictions = reject_unauth_pipelining # how long if undelivered before sending warning update to sender delay_warning_time = 4h # will it be a permanent error or temporary unknown_local_recipient_reject_code = 450 # how long to keep message on queue before return as failed. # some have 3 days, I have 16 days as I am backup server for some people # whom go on holiday with their server switched off. maximal_queue_lifetime = 7d # max and min time in seconds between retries if connection failed minimal_backoff_time = 1000s maximal_backoff_time = 8000s # how long to wait when servers connect before receiving rest of data smtp_helo_timeout = 60s # how many address can be used in one message. # effective stopper to mass spammers, accidental copy in whole address list # but may restrict intentional mail shots. smtpd_recipient_limit = 999 # how many error before back off. smtpd_soft_error_limit = 3 # how many max errors before blocking it. smtpd_hard_error_limit = 12
vi /etc/postfix/mysql_mailbox.cf
vi /etc/postfix/mysql_alias.cf
vi /etc/postfix/mysql_domains.cf
这3个文件没什么可说的 注意后面没有空格就好了
vi /etc/courier/authdaemonrc
authmodulelist="authmysql" 注意这个就好了 其他没改
vi /etc/courier/authmysqlrc
这个也是照着教程上的改就好了 注意的就是 MYSQL_CRYPT_PWFIELD crypt # MYSQL_CLEAR_PWFIELD clear
vi /etc/courier/imapd
这里没改
vi /etc/default/saslauthd
START=yes OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd" 就改了这2个地方
vi /etc/postfix/sasl/smtpd.conf 这个文件就是空格事件的案发现场
pwcheck_method:saslauthd mech_list: plain login cram-md5 digest-md5 log_level: 7 allow_plaintext: true auxprop_plugin: mysql sql_engine: mysql sql_hostnames: 127.0.0.1 sql_user: admin sql_passw: admin sql_database: maildb sql_select: select crypt from users where id='%u@%r' and enabled = 1
vi /etc/pam.d/smtp
auth required pam_mysql.so user=mail passwd=aPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1 account sufficient pam_mysql.so user=mail passwd=aPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
vi /etc/postfix/master.cf 这个是配ssl时改的
smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sasl_security_options=noanonymous,noplaintext -o smtpd_sasl_tls_security_options=noanonymous
配置amavis 基本上也是按照教程来的 然后用其他邮箱发邮件测试 看mail.log的输出 这里我就出了一个文件读取权限的错误 改
daemon_user 就好了
vi /etc/amavis/conf.d/50-user
$mydomain = 'yourdomain'; $myhostname = 'yourdomain'; $daemon_user= 'amavis'; $daemon_group= 'amavis'; @local_domains_acl = qw(.); $log_level = 1; $syslog_priority = 'info'; $sa_kill_level_deflt = 8.0; # triggers spam evasive actions #$final_spam_destiny = D_PASS; $final_spam_destiny = D_DISCARD;
vi /etc/postfix/master.cf
pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
vi /etc/postfix/main.cf
content_filter = amavis:[127.0.0.1]:10024
vi
/etc/amavis/conf.d/15-content_filter_mode
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
在用javamail发邮件的时候出了问题 说 unable to find valid certification path to requested target
一看就是认证方面的
接着就上网找资料 重新配置认证文件,然后把认证文件导入到当前用到的jre\lib\security\cacerts中,
我很怀疑其实我原来的认证文件就可以的,只要导入到当前的jre中就可以
怎么导入呢
JDK/bin/keytool -import -file mailcert.pem -keystore %java_home%/jre/lib/security/cacerts
这里会问密码 是 changeit 这个对jdk都是一样的 默认密码
这里要注意的是你的java运行的时候用的那个jre你就要导入到那个里去,mailcert.pem就是你mailserver用到的认证文件
===========================================================
配置认证文件
8.1 配置OpenSSL
8.1.1 制作root CA
1. 修改openssl配置文件
修改openssl配置文件:/etc/pki/tls/openssl.cnf
将
- dir = ../../CA # Where everything is kept
改成
- dir = /etc/pki/CA # Where everything is kept
2. 安装CA的脚本
- shell# yum install openssl-perl
3. 生成Root CA
备份原有文件
- shell# cd /etc/pki
- shell# mv CA CA.bak
生成Root CA
- shell# cd /etc/pki/tls/misc/
- shell# ./CA.pl -newca
下面为脚本的输出
- CA certificate filename (or enter to create)
-
- Making CA certificate ...
- Generating a 1024 bit RSA private key
- .....++++++
- ...................................++++++
- writing new private key to '../../CA/private/cakey.pem'
- Enter PEM pass phrase:
- Verifying - Enter PEM pass phrase:
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [CN]:CN
- State or Province Name (full name) [Liaoning]:Liaoning
- Locality Name (eg, city) [Dalian]: Dalian
- Organization Name (eg, company) [My Company Ltd]:test dot com
- Organizational Unit Name (eg, section) []:test
- Common Name (eg, your name or your server's hostname) []:test
- Email Address []:postmaster@test.com
-
- Please enter the following 'extra' attributes
- to be sent with your certificate request
- A challenge password []:
- An optional company name []:
- Using configuration from /etc/pki/tls/openssl.cnf
- Enter pass phrase for ../../CA/private/cakey.pem:
- Check that the request matches the signature
- Signature ok
- Certificate Details:
- Serial Number:
- f4:60:02:37:19:43:e5:5e
- Validity
- Not Before: Dec 2 13:23:11 2009 GMT
- Not After : Dec 1 13:23:11 2012 GMT
- Subject:
- countryName = CN
- stateOrProvinceName = Liaoning
- organizationName = test dot com
- organizationalUnitName = test
- commonName = test
- emailAddress = postmaster@test.com
- X509v3 extensions:
- X509v3 Subject Key Identifier:
- 77:21:CF:21:FA:CA:2E:92:D1:7D:9D:D8:F9:7C:05:A1:EE:57:4A:DC
- X509v3 Authority Key Identifier:
- keyid:77:21:CF:21:FA:CA:2E:92:D1:7D:9D:D8:F9:7C:05:A1:EE:57:4A:DC
- DirName:/C=CN/ST=Liaoning/O=test dot com/OU=test/CN=test/emailAddress=postmaster@test.com
- serial:F4:60:02:37:19:43:E5:5E
-
- X509v3 Basic Constraints:
- CA:TRUE
- Certificate is to be certified until Dec 1 13:23:11 2012 GMT (1095 days)
-
- Write out database with 1 new entries
- Data Base Updated
8.1.2 生成私钥和req文件
1. 建立私钥目录
- shell# mkdir /etc/pki/myca
- shell# cd /etc/pki/myca
2. 生成私钥和req文件
- shell# openssl req -new -nodes -keyout mailkey.pem -out mailreq.pem -days 3650
下面为输出内容:
- Generating a 1024 bit RSA private key
- ....++++++
- ....++++++
- writing new private key to 'mailkey.pem'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [CN]: CN
- State or Province Name (full name) [Liaoning]: Liaoning
- Locality Name (eg, city) [Dalian]: Dalian
- Organization Name (eg, company) [My Company Ltd]:test dot com
- Organizational Unit Name (eg, section) []:test
- Common Name (eg, your name or your server's hostname) []:test
- Email Address []:postmaster@test.com
-
- Please enter the following 'extra' attributes
- to be sent with your certificate request
- A challenge password []:
- An optional company name []:
查看文件是否生成:
- shell# cd /etc/pki/myca
- shell# ls -l
- total 8
- -rw-r--r-- 1 root root 887 Dec 2 21:28 mailkey.pem
- -rw-r--r-- 1 root root 700 Dec 2 21:28 mailreq.pem
在上面文件中mailkey.pem为私钥 ,mailreq.pem为req文件。
8.1.3 签署req文件
- shell# openssl x509 -req -days 3650 -in mailreq.pem -signkey mailkey.pem -out mailcert.pem
输出内容
- Signature ok
- subject=/C=CN/ST=Liaoning/L=Dalian/O=test dot com/OU=test/CN=test/emailAddress=postmaster@test.com
- Getting Private key
将root CA 复制到私钥的目录中
- shell# cp /etc/pki/CA/cacert.pem /etc/pki/myca
8.2 配置postfix
修改 /etc/postfix/main.cf 增加一下几行
- # tls setting for smtp server
- smtpd_use_tls = yes
- smtpd_tls_key_file = /etc/pki/myca/mailkey.pem
- smtpd_tls_cert_file = /etc/pki/myca/mailcert.pem
- smtpd_tls_CAfile = /etc/pki/myca/cacert.pem
- #smtpd_tls_security_level = encrypt
- smtpd_tls_received_header = yes
- smtpd_enforce_tls = yes
- smtpd_tls_loglevel = 2
-
- # tls setting for smtp client
- smtp_use_tls = yes
- smtp_tls_key_file = /etc/pki/myca/mailkey.pem
- smtp_tls_cert_file = /etc/pki/myca/mailcert.pem
- smtp_tls_CAfile = /etc/pki/myca/cacert.pem
- #smtp_tls_policy_maps = hash:/etc/postfix/tls_policy_maps
修改/etc/postfix/master.cf文件
增加下面内容:
- smtps inet n - n - - smtpd
- -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
重启动postfix
source :
http://bbs.chinaunix.net/archiver/tid-1664576.html
http://bbs.chinaunix.net/viewthread.php?tid=1664576
发表评论
-
shell 批量 复制文件 并 替换文件内容
2012-08-10 09:04 3237任务 找出文件夹下所有png的文件的文件名, 复制xxx ... -
shell编程 拿到标准输入
2012-01-05 13:54 2266在shell编程中我们可以通过$1拿到参数 如 ./ ... -
shell 脚本自动下载连续图片
2011-10-20 21:43 1709自动下载 000.jpg-199.jpg . ... -
(转)apache rewrite
2011-03-09 16:56 1471RewriteEngine on RewriteCond ... -
转: Linux中查看系统资源占用情况的命令
2010-12-06 16:47 1254用 'top -i' 看看有多少 ... -
如何查看MX记录是否生效 A CNAME MX
2010-12-02 21:06 2919如何查 看MX记录是 ... -
(转)测试网页响应时间的shell脚本[需要curl支持]
2010-10-12 17:31 5264用法及返回结果如下: lvyaozu@lvyaozu-des ... -
linux 删除目录下的N天前的文件
2010-10-08 10:12 2281find /var/log/xxx -daystart -ty ... -
linux 系统 校准时间
2010-09-27 16:56 2147/usr/sbin/ntpdate 210.72.145.4 ... -
nginx rewrite (转)
2010-09-26 14:57 8758rewrite "^/api/say/(?!se ... -
haproxy nginx tomcat
2010-09-25 17:38 4240拟机上搭了 haproxy nginx t ... -
nginx wordpress permalinks Month and name
2010-09-17 15:44 1811在nginx下搭建wordpress 并使用permalink ... -
nginx gzip duplicate MIME type “text/html”
2010-09-14 10:37 8785指令 [#gzip gzip] [#gzip_ ... -
nginx alias expires 禁止IP直接访问
2010-09-03 11:47 2416nginx貌似没有虚拟目录 ... -
服务器间 传送 文件
2010-08-27 15:41 1424scp -P 22 filename logUsernam ... -
linux 查看 系统版本信息 语言
2010-08-23 16:08 1377redhat, centos cat /etc/redha ... -
postfix 限制 及 BCC 查看版本号
2010-08-06 20:33 2874查看版本号 postconf mail_ve ... -
curl 登录表单 获取cookie
2010-07-26 11:55 3534登录表单 并保存cookie curl -c cook ... -
Ubuntu 定时任务 发邮件
2010-07-21 18:18 2277vi /etc/crontab 第一行 ... -
配置phpmyadmin munin htpasswd
2010-07-13 17:48 1260config <VirtualHost *:80> ...
相关推荐
Linux 下 Postfix 邮件服务器搭建 在 Linux 下成功搭建起 Postfix 服务器需要完成以下几个步骤:安装 Postfix、配置 main.cf 文件、添加 DNS 服务器和测试 Postfix。 一、安装 Postfix 首先,需要卸载 sendmail ...
WebMail 邮件服务器搭建:postfix+dovecot+roundcube 邮件服务器是Internet应用中一个非常重要的组件,它们负责将电子邮件从发送者传递到接收者。邮件服务器可以分为三个部分:Mail User Agent(MUA)、Mail ...
Linux 邮件服务器 Postfix 和 DNS 服务器的搭建宣贯 标题:Linux 下的邮件服务器 Postfix 和 DNS 服务器的搭建宣贯 描述:本文档介绍了 Linux 下邮件服务器 Postfix 和 DNS 服务器的搭建宣贯,涵盖了 Postfix 服务...
在本文中,我们将深入探讨如何搭建一个基于Postfix的邮件服务器,并结合Cyrus-IMAP、Cyrus-SASL、MySQL以及IMP等组件,构建一个完整的邮件系统。Postfix是一个广泛使用的开源邮件传输代理,它以其稳定性和高效性而...
在本文中,我们将详细介绍如何在Red Hat 5.4 Linux服务器上搭建一个全功能的Postfix邮件服务器。这个过程涉及到多个软件包的安装、配置以及DNS设置,以确保邮件服务器能够正常运行并提供IMAP、POP3以及Web界面的邮件...
在Red Hat 5平台上搭建Postfix邮件服务是一个重要的任务,因为Postfix是一个高效且安全的邮件传输代理,尤其适合大型企业或需要高级功能的环境。Postfix以其模块化设计著称,由多个独立的程序组成,每个程序都有特定...
树莓派因其小巧的体积和低功耗,成为搭建邮件服务器的理想选择。 首先,让我们了解Postfix。Postfix是一款开源的Mail Transfer Agent(MTA),它负责处理SMTP协议下的电子邮件发送和接收。MTA是邮件服务器的核心...
通过以上步骤,可以有效地将OpenLDAP与Postfix集成,实现SASL认证,增强了邮件服务器的安全性和账户管理效率。这种集成不仅适用于Debian系统,对于FreeBSD等其他操作系统也有一定的参考价值,尽管具体步骤可能会有所...
本教程将详细讲解如何在基于Linux的CentOS操作系统上搭建Postfix邮件系统。 首先,让我们了解Postfix的基本概念。Postfix是由Wietse Venema开发的,其设计目标是安全、快速且易于管理。它采用了模块化结构,允许...
【基于Postfix的邮件服务器搭建】在Linux Red Hat Enterprise Linux Server release 6.3环境下,构建邮件服务器的主要目标包括:1) 实现局域网内相同域名的邮件互发;2) 支持向外部互联网邮箱发送邮件;3) 对部分...
总结来说,搭建Postfix邮件服务器需要安装和配置Postfix、Webmail客户端(如Roundcube)以及数据库管理工具(如PHPMyadmin)。通过合理设置,可以创建一个功能齐全、安全可靠的邮件系统,满足企业或个人的邮件通信...
Postfix的设计目标是兼顾安全、性能和易用性,使其成为搭建全功能邮件服务器的理想选择。在本教程中,我们将讨论如何在RHEL系统上使用最新源码包构建一个基于Postfix的全功能邮件服务器。 首先,为了支持邮件服务器...
本文档主要介绍了在 Linux 平台上搭建邮件服务器的基本配置及截图,涉及到的技术有 Postfix 和 Dovecot。 邮件服务器搭建 邮件服务器是指能够发送和接收电子邮件的服务器。邮件服务器通常包括邮件传输代理(MTA)...
这篇文章将对比几种主流的Linux邮件服务器软件,重点介绍Postfix的特点和优势。 Postfix是由IBM资助并由Wietse Venema开发的,其设计目标是成为Sendmail之外的高效、安全、易管理的邮件服务器解决方案。Postfix强调...
综上所述,通过组合使用 FreeBSD、Postfix、MySQL、Maildrop、ExtMan、Mailman、ClamAV 等组件,可以构建一个功能强大且安全稳定的邮件服务器系统。这一方案不仅满足了基本的邮件收发需求,还提供了额外的安全防护...