Linux operation and maintenance --- Deploy Postfix mail system

The email system is one of the most commonly used network services in daily work and life. In this walkthrough it is combined with the DNS domain name resolution service provided by the BIND service program to verify that mail can be sent and received between the client host and the server.

The e-mail system completes the transmission of e-mail based on the e-mail protocol. Common e-mail protocols:

Simple Mail Transfer Protocol (SMTP): used for sending and forwarding emails, occupying the server's 25/TCP port.

Post Office Protocol Version 3 (POP3): used to store emails to the local host, occupying the server's 110/TCP port.

Internet Message Access Protocol version 4 (IMAP4): used to access mail on the local host, occupying the server's 143/TCP port.

Configure server host name

[root@localhost ~]# vim /etc/hostname
[root@localhost ~]# hostname
mail.chuid.com

Provide domain name resolution for email system

[root@localhost ~]# yum install bind* -y   # install the BIND packages
[root@localhost ~]# vim /etc/named.conf    # edit the main configuration file
[root@localhost ~]# vim /etc/named.rfc1912.zones   # edit the zone configuration file
[root@localhost ~]# cd /var/named   # change to the zone data directory
[root@localhost named]# ls -la named.localhost named.loopback   # check the owner, group and permissions of the forward and reverse lookup template files
-rw-r-----. 1 root named 152 6月  21 2007 named.localhost
-rw-r-----. 1 root named 168 12月 15 2009 named.loopback
[root@localhost named]# cp -a named.localhost chuid.com.zone   # copy the named.localhost template in /var/named to use as the forward lookup zone file
[root@localhost named]# vim chuid.com.zone      # edit the forward lookup zone file
[root@localhost named]# cp -a named.loopback chuid.com.arpa   # copy the named.loopback template in /var/named to use as the reverse lookup zone file
[root@localhost named]# vim chuid.com.arpa      # edit the reverse lookup zone file
[root@localhost named]# systemctl restart named      # restart the named service

Install Postfix service program

[root@localhost ~]# yum install postfix
已加载插件:langpacks, product-id, search-disabled-repos,
          : subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
mysql-connectors-community            | 2.5 kB     00:00     
mysql-tools-community                 | 2.5 kB     00:00     
mysql57-community                     | 2.5 kB     00:00     
yum                                   | 4.1 kB     00:00     
软件包 2:postfix-2.10.1-6.el7.x86_64 已安装并且是最新版本
无须任何处理
[root@localhost ~]# 
[root@localhost ~]# systemctl disable iptables    # disable the iptables firewall

Configure Postfix server

[root@localhost ~]# vim /etc/postfix/main.cf

myhostname variable, used to save the host name of the server

mydomain variable, used to save the name of the mail domain

myorigin variable, used to define the domain of the outgoing mail

Define the listening address of the network interface: you can specify which of the server's IP addresses provide the mail service externally

Define the list of host names or domain names that can receive mail; here you can directly reference the previously defined myhostname and mydomain variables
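
The settings above, with their $name references resolved the way Postfix resolves them. This is an added example, not part of the original post: the sample values are assumptions built around the host name mail.chuid.com, inet_interfaces and mydestination are the standard Postfix names for the last two settings, and effective_value is a hypothetical helper.

```shell
#!/bin/sh
# Added example (not from the original page): print the effective value of a
# main.cf parameter after its $name references are expanded.
# Usage: effective_value PARAMETER < main.cf
effective_value() {
    awk -v want="$1" '
        function expand(v,    name, guard) {
            # Replace each $name with the value of that parameter (bounded, in case of a cycle).
            while (match(v, /\$[A-Za-z_][A-Za-z0-9_]*/) && guard++ < 20) {
                name = substr(v, RSTART + 1, RLENGTH - 1)
                v = substr(v, 1, RSTART - 1) conf[name] substr(v, RSTART + RLENGTH)
            }
            return v
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
        /^[ \t]/ {                                   # continuation of the previous parameter
            sub(/^[ \t]+/, " "); conf[key] = conf[key] $0; next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            conf[key] = val                          # last definition wins
        }
        END { print expand(conf[want]) }'
}

# Constructed main.cf fragment; the values are assumptions chosen to match
# the host name mail.chuid.com used on this page.
SAMPLE_MAIN_CF='myhostname = mail.chuid.com
mydomain = chuid.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain'

for p in myorigin inet_interfaces mydestination; do
    printf '%s = %s\n' "$p" "$(printf '%s\n' "$SAMPLE_MAIN_CF" | effective_value "$p")"
done
```

On the server itself, postconf -x mydestination prints the expanded value that Postfix actually uses.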

Create a login account for the email system

[root@localhost ~]# useradd chuid
[root@localhost ~]# echo "123456" | passwd --stdin chuid
更改用户 chuid 的密码 。
passwd:所有的身份验证令牌已经成功更新。
[root@localhost ~]# 

Restart the Postfix service program

[root@localhost ~]# systemctl restart postfix
[root@localhost ~]# systemctl enable postfix
[root@localhost ~]# 

Configure the Dovecot server

Dovecot is an open source service program that provides IMAP and POP3 email services for Linux systems. It offers extremely high security, simple configuration and fast execution, and it uses few server hardware resources, so it is a recommended mail-receiving service program.

Install the Dovecot service program package

[root@localhost ~]# yum install dovecot
已加载插件:langpacks, product-id, search-disabled-repos,
          : subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
正在解决依赖关系
--> 正在检查事务
---> 软件包 dovecot.x86_64.1.2.2.10-5.el7 将被 安装
--> 正在处理依赖关系 libclucene-core.so.1()(64bit),它被软件包 1:dovecot-2.2.10-5.el7.x86_64 需要
--> 正在处理依赖关系 libclucene-shared.so.1()(64bit),它被软件包 1:dovecot-2.2.10-5.el7.x86_64 需要
--> 正在检查事务
---> 软件包 clucene-core.x86_64.0.2.3.3.4-11.el7 将被 安装
--> 解决依赖关系完成

依赖关系解决

=============================================================
 Package         架构      版本                 源      大小
=============================================================
正在安装:
 dovecot         x86_64    1:2.2.10-5.el7       yum    3.2 M
为依赖而安装:
 clucene-core    x86_64    2.3.3.4-11.el7       yum    528 k

事务概要
=============================================================
安装  1 软件包 (+1 依赖软件包)

总下载量:3.7 M
安装大小:12 M
Is this ok [y/d/N]: y
Downloading packages:
-------------------------------------------------------------
总计                             30 MB/s | 3.7 MB  00:00     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  正在安装    : clucene-core-2.3.3.4-11.el7.x86_64       1/2 
  正在安装    : 1:dovecot-2.2.10-5.el7.x86_64            2/2 
  验证中      : clucene-core-2.3.3.4-11.el7.x86_64       1/2 
  验证中      : 1:dovecot-2.2.10-5.el7.x86_64            2/2 

已安装:
  dovecot.x86_64 1:2.2.10-5.el7                              

作为依赖被安装:
  clucene-core.x86_64 0:2.3.3.4-11.el7                       

完毕!
[root@localhost ~]# 

Configure the main configuration file of the Dovecot server

[root@localhost ~]# vim /etc/dovecot/dovecot.conf

Enable the protocols = imap pop3 lmtp parameter, and then add a line below it that allows users to authenticate with clear-text passwords

Set the network segment that is allowed to log in; this restricts use of the email system to users from that network segment
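
A check for the clear-text login setting described above, as an added example that is not from the original post. It assumes the two lines are Dovecot's disable_plaintext_auth and login_trusted_networks settings and that an absent setting takes the default noted in the code; the function name and the sample network are made up.

```shell
#!/bin/sh
# Added example (not from the original page): read Dovecot settings on stdin
# and report which clients may send a password without TLS.
# Assumed defaults when a setting is absent: disable_plaintext_auth = yes, ssl = yes.
audit_dovecot_auth() {
    awk '
        /^[ \t]*#/ { next }                          # commented-out settings do not count
        /^[ \t]*[a-z_]+[ \t]*=/ {
            i = index($0, "=")
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            conf[key] = val                          # last occurrence wins
        }
        END {
            dpa  = ("disable_plaintext_auth" in conf) ? conf["disable_plaintext_auth"] : "yes"
            ssl  = ("ssl" in conf) ? conf["ssl"] : "yes"
            nets = conf["login_trusted_networks"]
            if (dpa == "no" && ssl != "required")
                print "EXPOSED: any client may log in with a clear-text password"
            else if (nets != "")
                print "LIMITED: clear-text logins only from localhost and " nets
            else
                print "OK: clear-text logins need TLS or localhost"
        }'
}

# Constructed sample: the settings this section describes (the network is made up).
PAGE_STYLE='protocols = imap pop3 lmtp
disable_plaintext_auth = no
login_trusted_networks = 192.168.10.0/24'

# Constructed sample: TLS enforced, with the clear-text exception kept for one LAN.
LAN_ONLY='protocols = imap pop3 lmtp
ssl = required
disable_plaintext_auth = yes
login_trusted_networks = 192.168.10.0/24'

printf '%s\n' "$PAGE_STYLE" | audit_dovecot_auth
printf '%s\n' "$LAN_ONLY"   | audit_dovecot_auth
```

Dovecot reads several files under conf.d, so on a live server feed the function the merged configuration, for example the output of doveconf -n.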

Configure mail format and storage path

[root@localhost ~]# vim /etc/dovecot/conf.d/10-mail.conf

In the separate sub-configuration file of the Dovecot service program, define a path that specifies where received mail is stored locally on the server. This path is already defined by default; we only need to delete the hash sign (#) in front of it in the configuration file.

Switch to the chuid account created when configuring the Postfix service program, and create a directory for saving mail in the home directory. Restart the Dovecot service program

[root@localhost ~]# su - chuid
[chuid@localhost ~]$ mkdir -p mail/.imap/INBOX
[chuid@localhost ~]$ exit
登出
[root@localhost ~]# systemctl restart dovecot
[root@localhost ~]# systemctl enable dovecot
[root@localhost ~]# 

Windows 7 client uses e-mail system

Run the Outlook software program in the Windows 7 system

Use a non-encrypted method for email service verification login

Send mail to other mailboxes

When the email is successfully sent using the Outlook software, you can use the mail command on the email server to view the new email reminder. If you want to view the complete content of the email, just enter the number in front of the recipient's name!

[root@localhost ~]# 
您在 /var/spool/mail/root 中有邮件
[root@localhost ~]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 chuid                 Mon Jun 29 18:32  94/3071  "Te"
& 
Message  1:
From [email protected]  Mon Jun 29 18:32:44 2020
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
From: "chuid" <[email protected]>
To: <[email protected]>
Subject: Test mail
Date: Mon, 29 Jun 2020 18:32:43 +0800
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0010_01D64E43.AD877780"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdZOAFYaBvJAStlgTr2+KrdvyHuPQA==
Content-Language: zh-cn
Status: R

Content-Type: text/plain;
	charset="gb2312"

当你收到这封邮件时,证明我的邮件系统实验已经成功!

& 
At EOF
& quit
Held 1 message in /var/spool/mail/root
[root@localhost ~]# 

Set user alias mailbox

The user alias function is a simple and practical mail account masquerading technique. It can be used to set up multiple virtual mailbox accounts that receive incoming mail, so that your own mail address is not leaked, and it can also be used to receive the mail of several of your own mailboxes.

Log in to the server after the email is sent, and then try to log in as the bin account. Because the bin account is a system account in the Linux system and its default Shell terminal is /sbin/nologin, the system reports that the account is unavailable when you log in with it. However, after using the mail command on the email server, I saw that the email originally intended for the bin account had been stored in the root account's mailbox.

[root@localhost ~]# 
您在 /var/spool/mail/root 中有新邮件
[root@localhost ~]# su - bin
This account is currently not available.
[root@localhost ~]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/root": 2 messages 1 new
    1 chuid                 Mon Jun 29 18:32  95/3082  "Te"
>N  2 chuid                 Mon Jun 29 18:41  93/3011  "你"
& 
Message  2:
From [email protected]  Mon Jun 29 18:41:41 2020
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
From: "chuid" <[email protected]>
To: <[email protected]>
Subject: 你好,我是用户chuid
Date: Mon, 29 Jun 2020 18:41:39 +0800
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_001D_01D64E44.ED47D9E0"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdZOAdOcXkF6SIsWSRy3eZUVsyKL9g==
Content-Language: zh-cn
Status: R

Content-Type: text/plain;
	charset="gb2312"

这是一封发给用户bin的文件!

& quit
Held 2 messages in /var/spool/mail/root
[root@localhost ~]# 

As you can see, the configuration file of the aliases mail alias service defines a large number of user aliases. Most of these user aliases are local system accounts of the Linux system, and the root account after the colon (:) separator is the one that receives the mail sent to these accounts. A user alias can be a local user in the Linux system or a completely fictitious user name.

[root@localhost ~]# cat /etc/aliases
#
#  Aliases in this file will NOT be expanded in the header from
#  Mail, but WILL be visible over networks or from /bin/mail.
#
#	>>>>>>>>>>	The program "newaliases" must be run after
#	>> NOTE >>	this file is updated for any changes to
#	>>>>>>>>>>	show through to sendmail.
#

# Basic system aliases -- these MUST be present.
mailer-daemon:	postmaster
postmaster:	root

# General redirections for pseudo accounts.
bin:		root
daemon:		root
adm:		root
lp:		root
sync:		root
shutdown:	root
halt:		root
mail:		root
news:		root
uucp:		root
operator:	root
games:		root
gopher:		root
ftp:		root
nobody:		root
radiusd:	root
nut:		root
dbus:		root
vcsa:		root
canna:		root
wnn:		root
rpm:		root
nscd:		root
pcap:		root
apache:		root
webalizer:	root
dovecot:	root
fax:		root
quagga:		root
radvd:		root
pvm:		root
amandabackup:		root
privoxy:	root
ident:		root
named:		root
xfs:		root
gdm:		root
mailnull:	root
postgres:	root
sshd:		root
smmsp:		root
postfix:	root
netdump:	root
ldap:		root
squid:		root
ntp:		root
mysql:		root
desktop:	root
rpcuser:	root
rpc:		root
nfsnobody:	root

ingres:		root
system:		root
toor:		root
manager:	root
dumper:		root
abuse:		root

newsadm:	news
newsadmin:	news
usenet:		news
ftpadm:		ftp
ftpadmin:	ftp
ftp-adm:	ftp
ftp-admin:	ftp
www:		webmaster
webmaster:	root
noc:		root
security:	root
hostmaster:	root
info:		postmaster
marketing:	postmaster
sales:		postmaster
support:	postmaster


# trap decode to catch security attacks
decode:		root

# Person who should get root's mail
#root:		marc
[root@localhost ~]#

The configuration file of the aliases mail alias service is used specifically to define the mapping between user aliases and mail recipients. In addition to the names of system accounts in the local system, we can also define aliases of our own to receive mail, and the root account should be the account that actually receives the mail sent to such an alias.
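
The alias mapping described above, followed hop by hop until it reaches an account with no further alias, which is why mail addressed to bin lands in root's mailbox. This is an added example, not part of the original post: final_recipient is a hypothetical helper, the sample is a constructed excerpt of the file shown above, and it assumes one target per alias as in that file.

```shell
#!/bin/sh
# Added example (not from the original page): follow a name through an
# aliases file and print every hop up to the final recipient.
# Usage: final_recipient NAME < aliases-file
# Assumption: one target per alias; names are compared case-insensitively.
final_recipient() {
    awk -v start="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # "#root: marc" is a comment, so root has no alias
        {
            i = index($0, ":")
            if (i == 0) next
            name = substr($0, 1, i - 1); target = substr($0, i + 1)
            gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", target)
            alias[tolower(name)] = tolower(target)
        }
        END {
            cur = tolower(start)
            while (cur in alias) {
                if (seen[cur]++) { print "LOOP at " cur; exit 1 }   # alias chain never ends
                path = path cur " -> "
                cur = alias[cur]
            }
            print path cur
        }'
}

# Constructed excerpt of the /etc/aliases file shown above.
SAMPLE_ALIASES='# Basic system aliases -- these MUST be present.
mailer-daemon: postmaster
postmaster:    root
bin:           root
www:           webmaster
webmaster:     root
info:          postmaster
#root:         marc'

for name in bin www info root; do
    printf '%s\n' "$SAMPLE_ALIASES" | final_recipient "$name"
done
```

After editing /etc/aliases, run newaliases so the change takes effect, as the header of the file says.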

Origin blog.csdn.net/C_huid/article/details/107017874