Linux mailbox server configuration: How to enable Outlook to send and receive mail and how to control relay

Source: Internet
Author: User
Tags dovecot

This article builds on the previous article, available at: http://blog.csdn.net/deansrk/article/details/6717720

 

Receive emails using Outlook


1. First, check the owner and group of the files in the mailbox directory.

[root@mail ~]# ll /var/mailbox/a.org/gentoo/Maildir/
total 60
-rw------- 1 postfix postfix  356 Aug 23 00:52 abook.cf
drwx------ 2 postfix postfix 4096 Aug 23 00:49 cur
-rw------- 1 postfix postfix 8192 Aug 23 00:49 extmail-curcache.db
-rw------- 1 postfix postfix    6 Aug 23 00:49 extmail-curcnt
-rw------- 1 postfix postfix   24 Aug 23 00:53 maildirsize
drwx------ 2 postfix postfix 4096 Aug 23 00:49 new
drwx------ 2 postfix postfix 4096 Aug 23 00:53 tmp

# Every file is owned by the postfix user, so anything that accesses these files must run with the postfix identity. How, then, can mail be sent and received by an external client that is not the postfix user?

2. Dovecot verifies the user's identity and checks whether the user is permitted to retrieve the mail. The mailboxes that extmail creates through its web page are all assigned user ID 1000, so we modify this mapping.

vim /var/www/extsuite/extman/webman.cf

sys_default_uid = 2525
sys_default_gid = 2525
# Change both items to 2525 so that they correspond to the user whose UID and GID are 2525, that is, postfix.

id postfix
uid=2525(postfix) gid=2525(postfix) groups=2525(postfix) context=root:system_r:unconfined_t:SystemLow-SystemHigh

 

3. Enable Dovecot's debug logging to verify whether the mapping has changed to 2525.
vim /etc/dovecot.conf

auth_verbose = yes
auth_debug = yes
# auth_debug_passwords also writes the passwords that users submit into the log.
auth_debug_passwords = yes
log_path = /var/log/dovecot.log
# These settings are for testing only. We recommend not enabling them in normal operation: a log entry is generated for every user login, which puts a lot of pressure on the disk.
# By default the entries are all stored in /var/log/maillog, so we define a separate location to avoid cluttering maillog.

service dovecot restart

 

4. Log in to the mailbox, view the log, and check whether the UID and GID have changed (this only takes effect for newly created mailbox users).

[root@mail ~]# telnet 192.168.0.12 110
Trying 192.168.0.12...
Connected to ns1.a.org (192.168.0.12).
Escape character is '^]'.
+OK Dovecot ready.
USER dean@a.org
+OK
PASS dean123
+OK Logged in.
Connection closed by foreign host.

dovecot: Aug 23 05:25:18 Info: auth(default): master out: USER 1 dean@a.org maildir=a.org/dean/Maildir/ uid=1000 gid=1000

# The user above is an existing user, so its UID and GID have not changed.

5. Update MySQL so that the change takes effect for all users

mysql -uroot -predhat
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| extmail            |
| mysql              |
| test               |
+--------------------+
4 rows in set (0.00 sec)

mysql> show tables;
+-------------------+
| Tables_in_extmail |
+-------------------+
| alias             |
| domain            |
| domain_manager    |
| mailbox           |
| manager           |
+-------------------+
5 rows in set (0.00 sec)

# Change the mapping of the other virtual users to 2525
update mailbox set uidnumber = 2525 where uidnumber = 1000;
update mailbox set gidnumber = 2525 where gidnumber = 1000;
select * from mailbox \G
# Check whether the values have changed to 2525, then test with a new account.

# The mutt command: a dedicated tool for viewing mail over POP3 and IMAP, including their encrypted variants
mutt -f mailbox                          # specify the mailbox
mutt -f pop://gentoo@a.org@mail.a.org    # the first @ belongs to the mailbox account; the second @ is followed by the mail server address

dovecot: Aug 23 21:59:34 Info: auth(default): master out: USER 6 gentoo@dean.com maildir=dean.com/gentoo/Maildir/ uid=2525 gid=2525

6. Use the packet capture tool tshark to test data packets on port 110.

Installation:
yum install wireshark
# Capture all packets going to or coming from port 110
tshark -ni eth0 -R "tcp.dstport eq 110 or tcp.srcport eq 110"

# Generate test mail traffic to capture
mutt -f pop://192.168.0.12

--
# Ports 110 and 143 carry mail retrieval and authentication in plaintext, so the data is not protected in transit.

----------------------------------------------------------------
How to encrypt emails?

SMTPS: the mail is encrypted while it is being delivered, but if the mail has to be forwarded, encryption is not possible as soon as one of the mail servers involved does not support it.
SSL: both ends must support encryption.
S/MIME, GPG: implement end-to-end mail encryption. No matter how many hosts forward the mail along the way, they see only encrypted content and simply pass it on. Your own private key, the public key, and a one-way (hash) algorithm are combined to protect the content.

In the early days, the SMTP protocol could only transmit text. Later, other forms of encoding, such as base64, became possible through S/MIME, which allows encryption and attachments. As long as a certificate is provided to the server, POP3 can be upgraded to POP3S.

----------------------------------------------------------------------------

1. Create a CA

mkdir /etc/dovecot
mkdir /etc/dovecot/ssl

2. Issue a certificate to Dovecot

# 1024-bit RSA is below current minimum key-size guidance (2048 bits or more).
openssl genrsa 1024 > dovecot.key
openssl req -new -key dovecot.key -out dovecot.req
openssl ca -in dovecot.req -out dovecot.pem
# Dovecot must use the CA certificate. If necessary, client certificates can be used as well.

3. Edit /etc/dovecot.conf

vim /etc/dovecot.conf
ssl_cert_file = /etc/dovecot/ssl/dovecot.pem
ssl_key_file = /etc/dovecot/ssl/dovecot.key
ssl_ca_file = /etc/dovecot/ssl/cacert.crt
protocols = imap imaps pop3 pop3s

4. Modify DNS

[root@mail ~]# cd /var/named
[root@mail named]# vim dean.com.zone
pop3.dean.com.          IN      A       192.168.0.32
[root@mail named]# vim 192.arpa
32            IN      PTR     pop3.dean.com.

5. Test mail access over the encrypted connection
mutt -f pops://gentoo@a.org@pop3.a.org

6. Start tshark and test again
tshark -ni eth0 -R "tcp.srcport eq 995 or tcp.dstport eq 995"
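
A small audit of the Dovecot settings used in this article, as an added example (not code from the original article or from Dovecot): it parses dovecot.conf-style "key = value" text and flags the debug options from the earlier step and the cleartext listeners that "protocols = imap imaps pop3 pop3s" leaves open next to the TLS ones. The function names, the finding texts and the sample configuration are constructed for illustration; disable_plaintext_auth is a Dovecot setting that the article itself does not mention.

```python
import re

# Constructed sample that combines the settings shown in this article.
SAMPLE_CONF = """\
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
log_path = /var/log/dovecot.log
ssl_cert_file = /etc/dovecot/ssl/dovecot.pem
ssl_key_file = /etc/dovecot/ssl/dovecot.key
protocols = imap imaps pop3 pop3s
"""


def parse_conf(text):
    """Return {key: value} for simple 'key = value' lines, ignoring comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"^([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit(text):
    """Return a sorted list of (setting, finding) tuples for risky values."""
    s = parse_conf(text)
    findings = []
    if s.get("auth_debug_passwords", "no") == "yes":
        findings.append(("auth_debug_passwords", "passwords are written to the log"))
    if s.get("auth_debug", "no") == "yes":
        findings.append(("auth_debug", "debug logging left enabled"))
    protos = s.get("protocols", "").split()
    for clear, tls in (("pop3", "pop3s"), ("imap", "imaps")):
        if clear in protos:
            note = "cleartext listener enabled"
            if tls in protos:
                note += " alongside " + tls
            findings.append(("protocols:" + clear, note))
    if s.get("disable_plaintext_auth") == "no":
        findings.append(("disable_plaintext_auth", "plaintext logins allowed without TLS"))
    if any(p in protos for p in ("pop3s", "imaps")) and not (
            s.get("ssl_cert_file") and s.get("ssl_key_file")):
        findings.append(("ssl", "TLS protocols enabled without certificate and key"))
    return sorted(findings)


if __name__ == "__main__":
    for setting, finding in audit(SAMPLE_CONF):
        print(f"{setting}: {finding}")
```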

------------------------------------------------------------

Relay Management

Assume that within the network segment 172.16.0.0, only 172.16.100.100 needs to be rejected.

 

vim /etc/postfix/main.cf
# restrict users
smtpd_recipient_restrictions =
# restrict clients
smtpd_client_restrictions =

# Both of the restrictions above can take their rules from a separate text file.

 

# vim /etc/postfix/access
# 192.16.0.1 reject
# You can also write a file of your own:
vim /etc/postfix/client
192.168.0.1 reject
# The file must be converted to a binary file before it can be used
postmap client
# The hash format is used here; the static format is very slow and is generally not used
smtpd_client_restrictions = hash:/etc/postfix/client
# By default, Postfix automatically reloads the configuration file at intervals

-------------------------------------------------------------------------------------
Rejecting specified senders

 

# Defines the senders to reject
smtpd_sender_restrictions = hash:/etc/postfix/sender

vim sender
# Write the entries to reject in it:
# reject the specified user
centos@a.org reject
# reject all mail from the a.org domain
a.org reject
# reject whenever the user is gentoo
gentoo@ reject

# Convert the file to a hash table, as with the client file
postmap sender

[root@mail postfix]# telnet 192.168.0.32 25
Trying 192.168.0.32...
Connected to mail.dean.com (192.168.0.32).
Escape character is '^]'.
220 welcome to our mail.dean.com ESMTP, warning: version has been hidden!
helo mail.dean.com
250 mail.dean.com
mail from:gentoo@dean.com
250 2.1.0 Ok
rcpt to:dean@dean.com
554 5.7.1 <gentoo@dean.com>: Sender address rejected: Access denied
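
How Postfix searches the client and sender access tables described above, as an added example (not code from the original article or from Postfix): a sender address is tried as the full address, then the domain, then "localpart@"; an IPv4 client is tried as the full address and then with one octet removed at a time; the first key found decides. The tables are constructed from the article's entries plus two labelled additions, the function names are hypothetical, and hostname lookups, parent-domain matching and address extensions are left out.

```python
# Constructed tables: the article's sender entries plus one added OK entry,
# and a client table for its "reject only 172.16.100.100" scenario.
SENDER_TABLE = {
    "centos@a.org": "REJECT",      # one specific sender
    "a.org": "REJECT",             # every sender in the a.org domain
    "gentoo@": "REJECT",           # local part "gentoo" at any domain
    "postmaster@a.org": "OK",      # constructed exception, not in the article
}
CLIENT_TABLE = {
    "172.16.100.100": "REJECT",    # the single host to refuse
    "172.16": "OK",                # constructed entry for the rest of the segment
}


def sender_keys(sender):
    """Lookup keys for an envelope sender: full address, domain, localpart@."""
    sender = sender.strip().strip("<>").lower()
    local, sep, domain = sender.rpartition("@")
    return [sender, domain, local + "@"] if sep else [sender]


def client_keys(ip):
    """Lookup keys for an IPv4 client: the address, then one octet dropped at a time."""
    octets = ip.strip().split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def lookup(table, keys):
    """Return (action, matched_key) for the first key present, else ('DUNNO', None)."""
    for key in keys:
        if key in table:
            return table[key].upper(), key
    return "DUNNO", None


def check_sender_access(sender, table=SENDER_TABLE):
    return lookup(table, sender_keys(sender))


def check_client_access(ip, table=CLIENT_TABLE):
    return lookup(table, client_keys(ip))


if __name__ == "__main__":
    for s in ("gentoo@dean.com", "postmaster@a.org", "dean@dean.com"):
        print(s, check_sender_access(s))
    for ip in ("172.16.100.100", "172.16.5.9"):
        print(ip, check_client_access(ip))
```

DUNNO means the table has no opinion, so Postfix goes on to the next restriction in the list.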

 

 

 
