Deploy a mail system with Postfix and Dovecot

1. Email system

1) An email system transmits mail using email protocols. The common email protocols are:

Simple Mail Transfer Protocol (SMTP), used for sending and forwarding outgoing mail; it uses server port 25/TCP;

Post Office Protocol version 3 (POP3), used to store emails to the local host; it uses server port 110/TCP;

Internet Message Access Protocol version 4 (IMAP4), used to access email on the local host; it uses server port 143/TCP;

2) In the email system, the server that sends and receives emails for users is called the Mail User Agent (MUA); it can still receive emails even when the user is offline. The server called the Mail Delivery Agent (MDA) is responsible for saving mail from the Mail Transfer Agent (MTA) to the local inbox. The MTA is responsible for processing and forwarding mail between different service providers: mail from the MUA is forwarded to the appropriate MTA.

3) Things to pay attention to when deploying an email system:

① Add anti-spam and anti-virus modules: they effectively prevent spam and virus emails from disrupting corporate mailboxes;

② Encrypt the email: this effectively protects email content from being stolen and tampered with by hackers;

③ Add an email monitoring and auditing module: it can effectively monitor whether employees' emails contain sensitive words, whether they disclose corporate information, etc.;

④ Guarantee system stability: keep the email system stable and effectively prevent distributed denial-of-service (DDoS) attacks.

2. Deploy the basic email system

1) The most basic email system provides mail sending and receiving services, so it is necessary to use the Postfix service program, based on the SMTP protocol, to provide the mail receiving function, and the Dovecot service program, using the POP3 protocol, to provide the mail retrieval function.

2) The configuration steps are as follows:

The first step is to configure the hostname mail.test.com:

The command is vi /etc/hostname;

The second step is to clear the host firewall policy and save it, so that default rules already present in the firewall do not prevent clients from resolving the mail domain name over DNS or from sending and receiving mail:

Before configuring, check the existing iptables rules with iptables --list or iptables-save; clear the rules with iptables --flush or iptables -F.

The third step is to provide email domain resolution:

First install the bind service program with yum -y install bind-chroot. Then, in the main configuration file of the bind service program, /etc/named.conf, set the listening port and the clients allowed to make requests to any. Then configure the zone configuration file and the data configuration file, and set the DNS address to the local address.

3. Configure the Postfix service program

1) Install the postfix service program: yum -y install postfix. The postfix service program is installed by default on CentOS 7. After installation, the iptables policy needs to be disabled (systemctl disable iptables); otherwise external users cannot access the email system.

2) Configure the postfix service program. The main files of the postfix service program are as follows:

File                      Function
/usr/sbin/postfix         Main service program
/etc/postfix/master.cf    Master configuration file for the master service
/etc/postfix/main.cf      Configuration file for the postfix service
/var/log/maillog          Log of the mail delivery process

In /etc/postfix/main.cf, the important parameters are as follows:

Parameter          Role
myhostname         The hostname of the post office system
mydomain           The domain name of the post office system
myorigin           The domain name of the email sent from this machine
inet_interfaces    The NIC interfaces to listen on
mydestination      Domains and hostnames that can accept mail
mynetworks         Which hosts can forward mail
relay_domains      Which domains' mail can be forwarded
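
As an added example (not part of the original article), the shell functions below read the parameters from the table above out of a main.cf and report whether mynetworks lets arbitrary clients forward mail through the server. They assume Postfix's default relay restrictions, which permit clients listed in mynetworks; the sample file and its mail.test.com values are constructed.

```shell
#!/bin/sh
# get_param FILE NAME: print the value of NAME. Postfix keeps the last
# definition and treats a line starting with whitespace as a continuation.
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/[ \t,]+/, " ", val); gsub(/^ | $/, "", val); print val }
    ' "$1"
}

# audit_relay FILE: return 1 if mynetworks trusts every client on a
# listener that is reachable from the network.
audit_relay() {
    case "$(get_param "$1" inet_interfaces)" in
        localhost|loopback-only) echo "OK listening on loopback only"; return 0 ;;
    esac                                    # unset means the default: all
    nets=$(get_param "$1" mynetworks)
    [ -n "$nets" ] || echo "NOTE mynetworks unset, mynetworks_style decides"
    rc=0
    for net in $nets; do
        case "$net" in
            */0) echo "OPEN $net in mynetworks lets any client relay"; rc=1 ;;
        esac
    done
    [ "$rc" -ne 0 ] || echo "OK mynetworks: ${nets:-<unset>}"
    return "$rc"
}

# Constructed sample: the article's mail.test.com with an over-broad mynetworks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, $mydomain
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
relay_domains = $mydestination
EOF
audit_relay "$sample" || echo "result: open relay"
```

Run it against /etc/postfix/main.cf after editing and before restarting postfix.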

3) To display line numbers in the vi editor: enter vi ~/.vimrc on the command line ---> press i to switch to input mode ---> add set nu to the file ---> save and exit with :wq. Line numbers are then displayed when editing any file.

Searching for words in vi:

In vi command mode, type "/" followed by the word to search for and press Enter to start the search. Press "n" to find the next match and "N" to find the previous one. The "?" search command works the same way; the difference is that "/" searches downward and "?" searches upward.

4) Create an email system account. Both the postfix and vsftpd service programs can use local system accounts and passwords, so you can create a regular account in the local system. Finally, restart the configured postfix service program and enable it at boot. The commands are as follows:

Add account: useradd weiyc

Set password: echo "12345678" | passwd --stdin weiyc

Restart the service: systemctl restart postfix

Enable at boot: systemctl enable postfix

4. Configure the Dovecot service

1) Dovecot is an open source service program that can provide IMAP and POP3 email services for Linux systems.

2) Deploy dovecot:

The first step is to install dovecot: yum install dovecot

The second step is to configure dovecot. Edit the main configuration file of dovecot, vi /etc/dovecot/dovecot.conf, and set the email protocols supported by the Dovecot service program to imap, pop3 and lmtp. Then add a parameter line below that line to allow users to authenticate with clear-text passwords. This is needed because the Dovecot service program, to ensure the security of the email system, by default forces users to log in using encryption; since no encryption system is set up here, the parameter must be added to allow users to log in in plain text. On line 48 of the main configuration file, set the network segment address that is allowed to log in; that is, here we can restrict use of the email system to users from a certain network segment. If you want to allow everyone to use it, you do not need to modify this parameter. After the modification is complete, restart the dovecot service program.

The third step is to configure the mail format and storage path: vi /etc/dovecot/conf.d/10-mail.conf. In this separate sub-configuration file of the Dovecot service program, define the path that specifies where received mail is stored on the server. This path is already defined by default; we only need to delete the pound sign (#) at the start of line 24 of the configuration file. After the configuration is complete, restart the dovecot service program.
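
The clear-text login setting described in the second step can be checked as follows; this is an added example, not code from the original article. The setting names disable_plaintext_auth, ssl and login_trusted_networks are Dovecot's own and are not named in the article, the port numbers are those listed in section 1, and the sample configuration is constructed.

```shell
#!/bin/sh
# Input is a file of top-level "key = value" lines: dovecot.conf itself, or
# better the merged view saved with `doveconf -n > FILE`, which covers conf.d/.

# setting FILE NAME: last top-level value of NAME (empty if not set).
setting() { sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1; }

# audit_dovecot FILE: return 1 if a password can cross the network unencrypted.
audit_dovecot() {
    plain=$(setting "$1" disable_plaintext_auth); plain=${plain:-yes}  # default yes
    ssl=$(setting "$1" ssl); ssl=${ssl:-yes}                            # default yes
    trusted=$(setting "$1" login_trusted_networks)
    [ -z "$trusted" ] ||
        echo "NOTE disable_plaintext_auth is ignored for clients in: $trusted"
    if [ "$plain" = "no" ] && [ "$ssl" != "required" ]; then
        for proto in $(setting "$1" protocols); do
            case "$proto" in
                pop3) echo "CLEARTEXT pop3 login accepted on 110/tcp" ;;
                imap) echo "CLEARTEXT imap login accepted on 143/tcp" ;;
            esac
        done
        return 1
    fi
    echo "OK cleartext passwords refused without TLS (disable_plaintext_auth=$plain ssl=$ssl)"
}

# Constructed sample: the settings this step describes, with no TLS configured.
conf=$(mktemp)
cat > "$conf" <<'EOF'
protocols = imap pop3 lmtp
disable_plaintext_auth = no
ssl = no
EOF
audit_dovecot "$conf" || echo "result: cleartext authentication enabled"
```

With ssl = required the same file passes, because Dovecot then refuses any login attempted before TLS is negotiated.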

3) To change another user's password as the root user: passwd username, and then enter a new password.
