[My Linux, I call the shots!] Setting up a Postfix mail server

Contents:
(1) Understanding the complete mail send and receive flow
(2) Configuring the Postfix mail server
(3) Using a graphical client to send and receive mail


(1) Understanding the complete mail send and receive flow

(1.1) E-mail is an information service we use constantly in daily life. We may use our company's mail server or a well-known Internet mail service such as QQ Mail, 163 or 126; the flow of sending and receiving mail is the same in every case. Suppose there is a 126 mail server with two accounts on it, [email protected] and [email protected]. When tom wants to send a message to bob, the message first reaches the 126 mail server, marked "to: [email protected]". The 126 server sees that the recipient is one of its own registered users and delivers the message to bob's mailbox. When bob next opens his mailbox he finds an unread message, and tom's request to send a message to bob is complete. This is how mail is sent between users on the same mail server.

Now a QQ mail server, mail.qq.com, appears in our environment. The QQ domain also has a DNS server, ns.qq.com, which performs name resolution for all hosts in that domain, and we assume there is an account [email protected] on the QQ server. [email protected] wants to send a message to [email protected] and marks it "to: [email protected]". On receiving the message, the 126 server finds that [email protected] is not an account on its own server, so it needs the IP address of the QQ mail server. The 126 server first sends the query to the DNS server of its own domain; a mail server queries its DNS server mainly by recursive query. The 126 domain's DNS server then asks the world's 13 root name servers and, by iterative queries, works down through the root domain, top-level domain, second-level domain and so on until it finds the DNS server of the QQ domain. The 126 DNS server then asks the QQ DNS server: "Do you know which host is the mail server for the QQ domain?" The QQ DNS server checks its MX records, picks the mail server with the highest priority, and answers: "Yes, the mail server for this domain is mail1.qq.com." The 126 DNS server goes on to ask: "What is the A record for host mail1.qq.com?" and the QQ DNS server answers: "The A record for mail1.qq.com is xxx." The 126 DNS server passes the result back to the 126 mail server, which now knows the QQ domain's mail server and sends the message marked "to: [email protected]" to it. The QQ mail server finds that mary is an account on its own server and delivers the message to mary's mailbox, where mary can read it through a browser or a mail client. That is the workflow of the entire mail system.
(1.2) We usually handle mail through a client such as Outlook, Foxmail or Thunderbird; such client tools are called MUAs (mail user agents). Sending mail uses SMTP (Simple Mail Transfer Protocol) on TCP port 25; receiving mail uses POP3 (Post Office Protocol version 3) on TCP port 110 or IMAP (Interactive Mail Access Protocol) on TCP port 143. To turn a host into a mail server we need to install the corresponding software, such as postfix, sendmail or Exchange Server, which we call an MTA (message transfer agent). When user tom on 126 sends a mail to mary or bob, the message first reaches the 126 mail server, which then delivers it; this delivery step is what we call the MDA (mail delivery agent), and in postfix it is a process. On the client side the protocol is POP3 or IMAP, provided by dovecot; once it is installed users can receive mail normally, and we call it the MRA (mail receiving agent). When the 126 server receives tom's mail and finds that it has to be forwarded to mary, that forwarding is called relay. This brings up the concept of an open relay: a mail server with no restrictions at all, so that anyone in the world can have it forward mail without even being registered on it. A mail server in that state is an open relay. On the Internet there are RBLs (real-time blacklists) that can be subscribed to; a misbehaving mail server gets listed in an RBL, and if the destination mail server subscribes to that RBL it will not accept mail from our listed server.


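(2) Configuring the Postfix mail server
(2.1) First we configure the DNS service on host vms001: create a configuration file named aa.conf in the /etc/unbound/local.d directory and fill in the corresponding DNS records. Then, on host vms002, after setting the DNS server to 192.168.26.101, we can look up the mail host of the example.com domain, which is vms002.example.com, and then query the A record for that hostname, which returns 192.168.26.102 as the IP address of vms002. The query results are correct.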
# host -t mx example.com
# host -t A vms002.example.com
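(2.2) The postfix service is installed by default on our system. In the /etc/postfix directory you can view the main.cf file. main.cf does not contain every configuration parameter; to see all of them, use the postconf command: postconf lists the current value of every parameter, and postconf -d lists the default value of every parameter. postconf has 816 parameters in total, and main.cf holds only the commonly used ones.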
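(2.3) The main.cf file on host vms002 mainly contains the common parameters, in the format shown below. A parameter definition in the configuration file must start in the first column; otherwise it is treated as a continuation of the previous line. myhostname is an important parameter: if we do not set a value, postconf still has a default for it, which is normally the host name.
Format:
key1=value1,value11
key2=value2
key3=$key1,value3
Here key3=value1,value11,value3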
# postconf myhostname
# postconf | grep ^myhost
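(2.4) In main.cf, the default value of mydomain is the part of myhostname after the first dot. If we change myhostname with postconf -e, the change is written directly to main.cf, and querying mydomain with postconf afterwards shows that it has also changed to the part of myhostname after the first dot. A change made by editing the configuration file takes effect only after the service is restarted, whereas a change made on the command line takes effect immediately.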
# postconf | grep ^mydom
# postconf -e myhostname=aa.bb.cc.dd.ee.com
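
The format rules from (2.3) and the mydomain default from (2.4), worked through as an added example that is not part of the original article: a small parser that joins continuation lines and resolves $name references. The sample file content and the function names are constructed for illustration, and only the mydomain default is modelled; other built-in defaults are not.

```python
import re

# Constructed sample: the key1/key2/key3 pattern from the text plus the
# myhostname value from (2.4); the indented line continues the line above it.
SAMPLE_MAIN_CF = """\
# comment lines are skipped
key1 = value1,value11
key2 = value2
key3 = $key1,value3
myhostname = aa.bb.cc.dd.ee.com
mydestination = $myhostname, localhost.$mydomain,
    localhost, ${mydomain}
"""

REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")  # $name, ${name}, $(name)

def parse_main_cf(text):
    """Return {parameter: raw value}, joining continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank or comment line
        if line[0] in " \t":                  # indented: continues previous parameter
            if current is not None:
                params[current] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        current = name.strip()
        params[current] = value.strip()       # the last definition wins
    return params

def expand(name, params, seen=()):
    """Resolve one parameter, following references recursively."""
    if name in seen:
        raise ValueError("circular reference via $" + name)
    if name not in params:
        if name == "mydomain" and "myhostname" in params:
            # Default described in the text: the part after the first dot.
            return expand("myhostname", params, seen + (name,)).partition(".")[2]
        return ""                             # unset parameter (simplification)
    def sub(match):
        ref = match.group(1) or match.group(2) or match.group(3)
        return expand(ref, params, seen + (name,))
    return REF.sub(sub, params[name])

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    for key in ("key3", "mydomain", "mydestination"):
        print(key, "=", expand(key, cfg))
```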


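(2.5) In main.cf, the myorigin parameter automatically completes the domain suffix of a recipient address; its default value is $myhostname. Now, on host vms002, root sends a mail to user jerry, using either jerry or [email protected] as the recipient. Mail sent either way arrives and can be read normally, as shown below. So when a recipient is not in standard mail address format, such as jerry, postfix automatically completes it to jerry@$myorigin, that is, [email protected].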
# mail -u jerry
# echo "Hello I'm root" | mail -s "Hello jerry" [email protected]
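(2.6) inet_interfaces in main.cf specifies the network interfaces the service listens on. By default it listens only on the host's loopback interface; here we set it to listen on all interfaces. Finally, remember to allow SMTP through the firewall.
# systemctl restart postfix.service
# netstat -tunlp | grep :25
# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload    # load the permanent rule into the running firewall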


(2.7) inet_protocols in main.cf specifies the protocols to listen on; you can choose ipv4 or ipv6, and the default is all.

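(2.8) mydestination in main.cf is the list the mail server uses at delivery time to decide whether the recipient of a message is one of its own registered users. For example, when root uses [email protected] as the recipient, the mail is delivered to jerry's mailbox, but with [email protected] as the recipient it is not delivered to jerry's mailbox by default. To accept recipients in the usual form [email protected], the $mydomain parameter must be added, since mydomain is everything after the first dot of myhostname; so enable the second mydestination line in the configuration (Fig. 2-20). Once $mydomain has been added to the mydestination parameter in /etc/postfix/main.cf and the service restarted, the recipient [email protected] is recognized and the mail is delivered correctly (Fig. 2-22). Without $mydomain, the vms002 mail server keeps asking the DNS server for the address of the host to send the mail to, and the DNS server answers that it is vms002 itself; after forwarding to itself, vms002 finds that the mail's domain suffix does not belong to a registered user of its own domain and asks DNS again, forming an endless loop. It is therefore generally recommended to add this parameter.
# tailf /var/log/maillog    # follow the mail delivery log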
# echo "Hello I'm root" | mail -s 'Hello jerry' [email protected]


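(2.9) mynetworks in main.cf is the range of IP addresses allowed to use open relay; the value of mynetworks is the default IP address range, and only hosts within it can relay mail through the server (Fig. 2-29). Now we create a new host, MailTest (192.168.26.103), and set up its installation image mount, YUM repository and so on. The user xxyy does not exist on vms002, yet we can send mail as xxyy from MailTest: we install telnet on MailTest and type in the message (Fig. 2-27), and on vms002 we find that jerry has received the mail sent from the non-existent xxyy account (Fig. 2-28). However, we normally send and receive mail with the company mailbox, and once we are home our IP address may no longer be within mynetworks; being unable to relay mail then is very inconvenient, so the range allowed by mynetworks should be as large as possible. At that point, though, we can use SMTP authentication to solve the open relay problem: with SMTP authentication, users must enter a username and password.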
# telnet 192.168.26.102 25
\>helo example.com
\>mail from:[email protected]
\>rcpt to:[email protected]
\>data
\>haha,I'm xxyy
\>.        <-- end-of-data marker
\>quit
# postconf | grep ^mynetworks    # show the default mynetworks range
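
The relay decision described in (2.9), modelled as an added example that is not part of the original article: it evaluates the Postfix restrictions permit_mynetworks, permit_sasl_authenticated and reject_unauth_destination in that order, and lists mynetworks entries so wide that they amount to an open relay. The mynetworks value, the outside address 203.0.113.7, the /16 threshold and the recipient addresses are assumptions, and reject_unauth_destination is simplified to a mydestination lookup.

```python
import ipaddress

# Constructed values: the lab addresses come from the text; the mynetworks
# list and the set of local domains are assumptions for illustration.
MYNETWORKS = ["127.0.0.0/8", "192.168.26.0/24"]
MYDESTINATION = {"vms002.example.com", "example.com", "localhost"}

def relay_decision(client_ip, rcpt, mynetworks, local_domains, sasl_user=None):
    """Return (accepted, matching rule) for one RCPT TO from one client."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net, strict=False) for net in mynetworks):
        return True, "permit_mynetworks"          # trusted by address alone
    if sasl_user:
        return True, "permit_sasl_authenticated"  # trusted by login, any address
    if rcpt.rpartition("@")[2].lower() in local_domains:
        return True, "local destination"          # inbound mail for our own users
    return False, "reject_unauth_destination"     # stranger asking us to relay

def broad_networks(mynetworks, min_prefix=16):
    """Return IPv4 mynetworks entries wider than /min_prefix (loopback excluded)."""
    flagged = []
    for net in mynetworks:
        n = ipaddress.ip_network(net, strict=False)
        if n.version == 4 and not n.is_loopback and n.prefixlen < min_prefix:
            flagged.append(net)
    return flagged

if __name__ == "__main__":
    outside = "someone@other.example"             # constructed recipient
    print(relay_decision("192.168.26.103", outside, MYNETWORKS, MYDESTINATION))
    print(relay_decision("203.0.113.7", outside, MYNETWORKS, MYDESTINATION))
    print(relay_decision("203.0.113.7", outside, MYNETWORKS, MYDESTINATION, "jerry"))
    print(broad_networks(MYNETWORKS + ["0.0.0.0/0"]))
```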


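(2.10) relayhost in main.cf specifies which host we relay through. On vms002 we set relayhost to 192.168.26.103. On MailTest we configure the mail server: first set inet_interfaces so that it listens on all addresses, then add the $mydomain variable to mydestination and create a user jerry, restart the service on MailTest, and open the firewall on MailTest. After the service on vms002 has been restarted, although vms002 cannot resolve MailTest's domain name, the mail still arrives in the mailbox of user jerry on MailTest, because relayhost is set (Fig. 2-35). vms002 finds that [email protected] is not a registered user of its own domain, but because the relay address relayhost is set, it sends the mail straight to MailTest; MailTest sees through mydestination that the mail is for a registered user of its own domain and delivers it to jerry's mailbox.
# firewall-cmd --add-service=smtp --permanent
# firewall-cmd --reload    # load the permanent rule into the running firewall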


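(2.11) If root on vms002 now sends mail to the address [email protected], then although MailTest's domain is example.com (Fig. 2-37), vms002's own domain is also example.com. Even though relayhost on vms002 is set to 192.168.26.103, the mail ends up in the mailbox of the local jerry user (Fig. 2-36). This is because, for vms002, relayhost takes effect only when the mail is not addressed to one of vms002's own registered users.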

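(2.12) If we want all mail sent from vms002 to be forwarded to MailTest, we set mydestination to an empty value. After setting mydestination in main.cf on vms002 to empty and restarting the mail service, we find that vms002 receives no mail at all, while MailTest receives the mail sent to the address [email protected]. This kind of forwarding is typically used in companies with a large number of mail servers. For example, a company has three mail servers and does not want them connected directly to the Internet; we configure a mail gateway, and all mail sent by the mail servers is forwarded straight to the gateway, where we can apply more security policies, spam filtering policies and so on, protecting the internal mail servers. The Edge Transport server, one of the five components of Exchange Server, plays exactly this role.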
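
The delivery choices walked through in (2.8) and (2.10) to (2.12), put side by side as an added example that is not part of the original article: a model of how mydestination, relayhost and the MX record decide where a message goes next. The function name, the recipient addresses and the host name mailtest.example.com are assumptions; the MX entry follows the lookup in (2.1).

```python
# Constructed lab data: host name, relay address and MX record follow the
# text; the recipient addresses are assumptions for illustration.
HOST = "vms002.example.com"
RELAY = "192.168.26.103"
MX = {"example.com": "vms002.example.com"}

def next_hop(rcpt, mydestination, relayhost, mx_table, myhostname):
    """Return (action, target) for one recipient address."""
    domain = rcpt.rpartition("@")[2].lower()
    if domain in mydestination:
        return ("local", myhostname)      # one of our own domains: deliver here
    if relayhost:
        return ("relay", relayhost)       # everything else goes to the gateway
    mx = mx_table.get(domain)
    if mx is None:
        return ("undeliverable", None)    # no MX known for the domain
    if mx == myhostname:
        return ("loop", mx)               # the MX points back at this host
    return ("smtp", mx)

def scenarios():
    """The cases from the text, keyed by section number."""
    rcpt = "jerry@example.com"
    with_domain = {HOST, "localhost", "example.com"}
    without_domain = {HOST, "localhost"}
    return {
        "2.8 without $mydomain": next_hop(rcpt, without_domain, None, MX, HOST),
        "2.8 with $mydomain": next_hop(rcpt, with_domain, None, MX, HOST),
        "2.10 other host": next_hop("jerry@mailtest.example.com",
                                    with_domain, RELAY, MX, HOST),
        "2.11 local wins": next_hop(rcpt, with_domain, RELAY, MX, HOST),
        "2.12 empty mydestination": next_hop(rcpt, set(), RELAY, MX, HOST),
    }

if __name__ == "__main__":
    for case, result in scenarios().items():
        print(case, "->", result)
```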


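(2.13) alias_maps in main.cf refers to the alias definitions configured in /etc/aliases, which make it possible to send one message to a whole group of users. In /etc/aliases we define the alias all as the set of three users root, jerry and marry; when mail is sent to all, [email protected] receives it (Fig. 2-42). If we want the mail to be received in the usual form [email protected], we can set myorigin=$mydomain; mail sent to all then shows up in the mailboxes of all the local users (Fig. 2-44). If all stands for a very large number of users, we can use a file /etc/userlist and write the user list into it.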
# newaliases

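(2.14) home_mailbox in main.cf defines the name of the file in which a user's mail is stored; once defined, this file normally lives in the user's home directory. By default, mail is stored under the /var/spool/mail directory (Fig. 2-46). We set home_mailbox to Mailbox and restart the mail service; a Mailbox file is then created in every user's home directory to receive mail (Fig. 2-48). If we change home_mailbox to Maildir/ and restart the mail service, all mail is stored in the Maildir directory under each user's own home directory.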
# systemctl restart postfix.service



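(3) Using a graphical client to send and receive mail
(3.1) Users are generally used to a graphical interface for sending and receiving mail. Clients receive mail over POP3 or IMAP, which listen on ports 110 and 143 respectively. For a client to connect to the server and receive mail, dovecot must be installed on host vms002, and the pop3 and imap ports must be opened in the firewall.
# yum install dovecot -y
# grep imap /etc/services    # look up the port used by imap
# grep pop3 /etc/services    # look up the port used by pop3
# firewall-cmd --add-port=110/tcp --permanent
# firewall-cmd --add-port=143/tcp --permanent
# firewall-cmd --reload    # load the permanent rules into the running firewall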
(3.2) Next, go to the /etc/dovecot/ directory and open the dovecot.conf configuration file. The protocols parameter there defaults to three protocols on this system, of which lmtp is the Local Mail Transfer Protocol. Then go to the /etc/dovecot/conf.d/ directory and edit the 10-auth.conf configuration file: for the setting that controls whether plaintext authentication is disabled (disable_plaintext_auth), we set the value to no. In the same directory, edit 10-mail.conf and set mail_location to maildir:~/Maildir so that received mail is stored in the Maildir/ directory under each user's home directory; this requires home_mailbox in /etc/postfix/main.cf on host vms002 to be set to Maildir/ (Fig. 3-5-1). Finally, also in /etc/dovecot/conf.d/, edit 10-ssl.conf: since we do not need SSL authentication here, set ssl to no. With plaintext authentication allowed and SSL off, usernames and passwords cross ports 110 and 143 unencrypted.
(3.3) Next we take a Win7 system and install the Foxmail client on it, choose manual setup to connect to the mail server on host vms002, and create the mail account for marry.
(3.4) We then create jerry's mailbox in the mail client on Win7 as well, and try sending a message from jerry to marry in the client's graphical interface.
(3.5) At this point we can see in the client that marry receives the mail sent by jerry normally.

------ This concludes the article, thanks for reading ------


Origin blog.51cto.com/13613726/2458737