<![CDATA[Heck's Blog]]> https://www.heckjj.com/index.php zh-cn https://www.heckjj.com/centos53-cfg-mailserver-Postfix-html/ <![CDATA[Centos 5.3服务器完美配置之安装Postfix邮件服务器]]> Heck <@hecks.tk> Mon, 20 Sep 2010 17:24:32 +0000 https://www.heckjj.com/centos53-cfg-mailserver-Postfix-html/ Postfix邮件服务器的安装
现在安装Postfix以及Dovecot(Dovecot可以用作pop/imap服务器)。
yum install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain postfix dovecot

现在配置SMTP-AUTH以及TLS(如果你的smtp服务器不需要认证可以跳过这一步),使用root用户:
postconf -e 'smtpd_sasl_local_domain ='
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
postconf -e 'inet_interfaces = all'
postconf -e 'mynetworks = 127.0.0.0/8'

之后需要编辑/usr/lib/sasl2/smtpd.conf,64位CentOS上是/usr/lib64/sasl2/smtpd.conf:

vi /usr/lib/sasl2/smtpd.conf

将其中的内容编辑成类似如下的内容:

pwcheck_method: saslauthd
mech_list: plain login
之后创建TLS证书:
mkdir /etc/postfix/ssl
cd /etc/postfix/ssl/
openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
chmod 600 smtpd.keyopenssl req -new -key smtpd.key -out smtpd.csr
openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
openssl rsa -in smtpd.key -out smtpd.key.unencrypted

mv -f smtpd.key.unencrypted smtpd.key
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

之后对postfix配置TLS:
postconf -e 'smtpd_tls_auth_only = no'
postconf -e 'smtp_use_tls = yes'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtp_tls_note_starttls_offer = yes'
postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key'
postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt'
postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem'
postconf -e 'smtpd_tls_loglevel = 1'
postconf -e 'smtpd_tls_received_header = yes'
postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
postconf -e 'tls_random_source = dev:/dev/urandom'
然后配置smtp服务器的域名:postconf -e 'myhostname = server1.example.com'把server1.example.com换成你的域名之后检查一下你的配置,所有的配置都在/etc/postfix/main.cf中:cat /etc/postfix/main.cf其中的内容应该类似下面:

安装Dovecot用于POP/IMAP服务器
默认情况下,CentOS上Dovecot只用于IMAP服务器,如果你也想用它做pop服务器可以修改/etc/dovecot.conf.将其中的protocols改成:protocols = imap imaps pop3 pop3s用vi打开配置文件:
vi /etc/dovecot.conf其中的内容修改成类似这样的:
[...]
# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".protocols = imap imaps pop3 pop3s
# IP or host address where to listen in for connections. It's not currently
# possible to specify multiple addresses. "*" listens in all IPv4 interfaces.
# "[::]" listens in all IPv6 interfaces, but may also listen in all IPv4
# interfaces depending on the operating system.
[...]配置MailDir
postconf -e 'home_mailbox = Maildir/'
postconf -e 'mailbox_command ='
/etc/init.d/postfix restart
启动邮件服务器启动
postfix,saslauthd以及dovecot:
chkconfig --levels 235 sendmail off  
chkconfig --levels 235 postfix on  
chkconfig --levels 235 saslauthd on  
chkconfig --levels 235 dovecot on  
/etc/init.d/sendmail stop  
/etc/init.d/postfix start  
/etc/init.d/saslauthd start  
/etc/init.d/dovecot start之后验证是否smtp服务器已经开始运行:telnet localhost 25 连接上以后打这个命令:ehlo localhost

如果postfix已经正常启动应该看到这样一行字:

250-STARTTLS

以及:

250-AUTH PLAIN LOGIN

然后打入:quit退出这次连接。
Tags - , , ]]> https://www.heckjj.com/centos53-cfg-mailserver-Postfix-html/#blogcomment <![CDATA[[评论] Centos 5.3服务器完美配置之安装Postfix邮件服务器]]> <user@domain.com> Thu, 01 Jan 1970 00:00:00 +0000 https://www.heckjj.com/centos53-cfg-mailserver-Postfix-html/#blogcomment