1. 简介
电子邮件(Email)系统是我们在日常工作、生活中最常用的一个网络服务。
一个完整的电子邮件服务系统,一般包括三个部分
- MUA邮件用户代理程序,帮助用户发送和接收邮件,主要作用是将用户的邮件发送到邮件主机上或者将用户的邮件从邮件主机上接受下来
- MTA邮件传送代理程序也就是邮件服务器,用来监控和传送邮件
- 电子邮件协议
- SMTP,Simple Mail Transfer Protocol,简单邮件传输协议,SMPT是请求响应协议,监听25号端口,用于接收用户的邮件请求,并与远程邮件服务器建立SMPT连接
- POP3,Post Office Protocol,邮局协议,用于接收电子邮件,使用TCP的110端口
- IMAP4,Internet Message Access Protocol,主要提供的是通过Internet获取信息的一种协议,使用TCP的143端口
- Web Mail
2. Kylin V10基础配置
Kylin V10各个版本,有些许差异,
2.1 关闭防火墙、selinux
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config
SELINUX=disabled
改完配置重启系统
2.2 配置软件源
vim /etc/yum.repos.d/kylin_aarch64.repo
###Kylin Linux Advanced Server 10 - os repo###
[ks10-adv-cdrom]
name = Kylin Linux Advanced Server 10 - cdrom
#baseurl = file:///run/media/root/KYLIN10-SVR
baseurl = http://archive2.kylinos.cn/rpm/kylin/production/KY-KY10-GFB-aarch64/custom/kylin-server/KY10-GFB-aarch64-2204/
gpgcheck = 0
enabled = 1
3. 配置域名服务器
3.1 配置服务器主机名
配置服务器主机名称,需要保证服务器主机名称与发信域名保持一致,根据自己的域名需求填写
hostnamectl set-hostname mail.kylincloud.com
退出重新登录后,主机名显示已修改的
3.2 安装bind
yum -y install bind
3.3 配置bind
3.3.1 主配置文件
vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
vim /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};
zone "kylincloud.com" IN {
type master;
file "kylincloud.com.zone";
allow-update { none; };
};
通过named-checkconf命令检查配置文件是否有问题
注意分号和tab键
3.3.2 区域配置文件
在复制正向解析模板文件时,在cp命令后面追加-a参数,以便让新文件继承原文件的属性和权限信息
cp -a /var/named/named.localhost /var/named/kylincloud.com.zone
vim /var/named/kylincloud.com.zone
$TTL 1D
@ IN SOA kylincloud.com. root.kylincloud.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS ns.kylincloud.com.
ns IN A 172.19.0.248
@ IN MX 10 mail.kylincloud.com.
mail IN A 172.19.0.248
注意.和tab键
修改好配置文件后重启named服务
systemctl restart named
这样电子邮件系统所对应的服务器主机名即为mail.kylincloud.com,而邮件域为@kylincloud.com。把客户端DNS地址修改成域名服务器IP地址即可。
3.3.3 客户端验证
vim /etc/resolv.conf
nameserver 172.19.0.248
ping -c 4 mail.kylincloud.com
4. 安装配置postfix服务器
在配置postfix服务器已经在DNS服务器上把mail.cloud.com解析到172.19.0.248,并添加邮件交换记录。
4.1 安装postfix
yum -y install postfix mailx telnet
4.2 配置postfix
vim /etc/postfix/main.cf
myhostname = mail.kylincloud.com
mydomain = kylincloud.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, $mydomain
mynetworks = all
解析如下:
- myhostname 设置邮件服务器主机名
- mydomain 指定邮件服务器主机域名
- myorigin 设置邮件所使用的主机名和域名
- inet_interfaces 设置监听地址
- inet_protocols 设置支持的协议
- mydestination 设置可接受邮件的主机名和域名
- mynetworks 设置可转发的邮件网络
- relay_domain 设置可转发的邮件域名
4.3 启动postfix服务
检查是否有语法错误
postfix check
启动postfix服务器
systemctl restart postfix
systemctl enable postfix
5. 安装部署dovecot
Dovecot是一款能够为Linux系统提供IMAP和POP3电子邮件服务的开源服务程序,安全性极高,配置简单,执行速度快,而且占用的服务器硬件资源也较少,因此是一款值得推荐的收件服务程序。
5.1 安装dovecot
yum -y install dovecot
5.2 配置dovecot
vim /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
disable_plaintext_auth = no
login_trusted_networks = 172.19.0.0/24
解析如下:
- protocols 设置支持的电子邮件协议修改为imap、pop3和lmtp
- disable_plaintext_auth 指定允许用户使用明文进行密码验证。之所以这样操作,是因为Dovecot服务程序为了保证电子邮件系统的安全而默认强制用户使用加密方式进行登录,而由于当前还没有加密系统,因此需要添加该参数来允许用户的明文登录。
- login_trusted_networks 设置允许登录的网段地址,也就是说我们可以在这里限制只有来自于某个网段的用户才能使用电子邮件系统。如果想允许所有人都能使用,则不用修改本参
5.3 启动服务
systemctl restart dovecot
systemctl enable dovecot
5.4 检查监听
netstat -tlunp |grep -E "143|25|110"
5.5 邮件账户
5.5.1 添加邮件账号组
groupadd mailusers
5.5.2 添加邮箱账号
添加邮箱账号lisi和wangwu,并设置 密码
useradd -g mailusers -s /sbin/nologin lisi && echo Kylin123. | passwd --stdin lisi
useradd -g mailusers -s /sbin/nologin wangwu && echo Kylin123. | passwd --stdin wangwu
5.5.3 配置邮件格式与存储路径
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mkdir -p /home/lisi/mail/.imap/INBOX
mkdir -p /home/wangwu/mail/.imap/INBOX
chown -R lisi:mailusers /home/lisi/mail
chown -R wangwu:mailusers /home/wangwu/mail
6. thunderbird客户端
在Kylin V10下使用thunderbird客户端
6.1 安装thunderbird客户端
yum install thunderbird
6.2 启动thunderbird客户端
根据各系统,每个系统的启动方式不一样
6.3 配置客户端的账号、地址和密码
配置完客户端的账号、地址和密码,点击“Continue”
6.4 Manual config
由于当前没有设置SSL邮局加密,手动配置,需要将SSL选项更改为None,并将Authentication设置为Normal password。
出于安全方面的考虑,Thunderbird客户端会提示警告信息。选中understand the risks复选框,然后单击Done按钮即可
6. 5 收发邮件
发件箱:
6.6 windows thunderbird使用
添加邮件账户
出于安全方面的考虑,Thunderbird客户端会提示警告信息。选中“我已了解相关风险”复选框,然后单击确认“”按钮即可
若出现“无法登录到服务器。可能是配置、用户名或密码错误。”,注意主机名是否设置正常,用户名是否设置正常
若出现Thunderbird未能找到你的邮件账户设置,检查网络是否有问题,ping测试下邮件域名,如ping mail.kylincloud.com
正常登录后,如下图所示:
7. 问题记录
- loading from master file kylincloud.com failed: file not found
重启服务失败,systemctl restart named,systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2024-11-27 10:37:05 CST; 1min 25s ago
Process: 7020 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: zone localhost/IN: loaded serial 0
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: zone 0.in-addr.arpa/IN: loaded serial 0
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: zone kylincloud.com/IN: loading from master file kylincloud.com failed: file not found
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: zone kylincloud.com/IN: not loaded due to errors.
Nov 27 10:37:05 mail.kylincloud.com bash[7020]: _default/kylincloud.com/IN: file not found
Nov 27 10:37:05 mail.kylincloud.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
Nov 27 10:37:05 mail.kylincloud.com systemd[1]: named.service: Failed with result 'exit-code'.
Nov 27 10:37:05 mail.kylincloud.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
检查/etc/named.rfc1912.zones文件发现file那个文件漏写了zone,把file kylincloud.com.zone写成file kylincloud.com了,故在/var/named/目录下找不到kylincloud.com文件
解决方法:注意书写,写上正确的文件名即可
9. 参考文献
https://www.jb51.net/article/231073.htm
https://blog.51cto.com/u_15076209/4258402
https://www.pengqi.club/24.html
https://weiliang-ms.github.io/wl-awesome/3.%E9%9B%86%E6%88%90%E9%83%A8%E7%BD%B2/mail/%E6%90%AD%E5%BB%BA%E5%86%85%E7%BD%91%E9%82%AE%E4%BB%B6%E6%9C%8D%E5%8A%A1%E5%99%A8.html?q=
https://blog.csdn.net/csdn066/article/details/72698260
https://www.cnblogs.com/iubolgs/p/15697556.html
https://maofeichen.com/build-local-mail-server-by-postfix/
https://cloud.tencent.com/developer/article/2122667