    Last updated: 2011/08/10
    boӶlA[]Aڭ̭A Mail P DNS n}ʡAM̧Ǥ Mail Server }WAH Mail Server B@򥻬y{PwA]|ͨ} Relay Pl{EζءA oǶع󥼨ӶlA޲zP]wOnAФnFo譱DQAC ѩ Postfix ]wɤe㦳˩MʡA]ڭx¤F Postfix A sendmail FC


    22.1 Mail server functions and how it works

    qllOԣNHOQκǻ@ǸThݦA@RTǻ欰AMTrOܧNܵwqrA T񤣤WgHӪH\oŷxALA㦳ɮĩʪTӻAqlliOӤihonDI OAqlltukoi{boQYǤֈSwHhҶåΡAfPUHBⱡsiHΆΪƉI uO[˸㩳Uڭ̴Nӽͤ@ͳoӹqll}\aI

    Tips:
    ɦܤAGoogle PXӤjqѧKOΪ̬OIOlAA䤤AKOqllbƦܤwg@FӋ GB lxsqI@ΤӻuOD`^ΤFI]ADnA{bڭ̳yijz[] mail serverzI ]LlDEBͳܲMEAb{bSQndw Mail server O@ƱA Fثe|siHBUHBfrHbOh^ܡAҥHUDn ISP l󱱺ޤWVӶVYA ӥB򥻥\S mail vs. DNS }ʤS@Iz

    22.1.1 E-mail: functions and problems

    bثe|SASqll (e-mail) GOZ_Ǫ@ơIiHA{b e-mail wg@ӫܴMHPHq޹DFA qlliHܧֳtDANΰTǰeayW@ӦsboASMA A]iHb󦳺aAsW Internet hAHI

    LAѪOAunOHaAN|ܦhANQ쪺Ʊ|X{FASM e-mail ]ҥ~A򻡩OH ڭ̨ӺCCR@Uqll󲣥ͪ@ǰDaG

    • afrqllDG
      AiH``oqlli২afraIShAQιqllHΤH̹qll󪺺gߪAסA ϱoHqll󬰴Cqfrey`JHszSoI

    • ǫȳzLl{JIG
      unb Internet W]ƴNSʎOKIAiHϥΩǫȳn (Cracker) NiHoϥΪ̦bQ e-mail ǰeL{S҉KJbPKXAYgLRARi}誺lDEzIuOåiȤ@⪺I

    • siHPUHΡG
      oӥiOثeUj ISP ߤíhhoǩUHiHܦh֪iuWeA ϱo`ϥΪ̳sut׻P~UAiyySMA``UH󪺧AAjy]nLaI

    • DEQjqHzG
      U@ASNlA]wnAKKIeH̥iH]ѧADEH\AoejqHA Ay@^IzzAAwСAQnSE

    • u|QơG
      y¨zIo||ܮ`ȡHSMܮ`TIϥ e-mail NiH@ܦhaơouOӤDwF

    • H󤺮eG
      un`N|TNiHDTAӷqll󻡪eAn۫HI ]ܦhiOH_dz_AGAjaQAFҦpAABͦ@ʫHA{yzIoOjƱzA ҥHbSDҪpUANHy茱HzAݡAKIABͱHAASMn۫HLTI ߨA茱HAp@Aa`AKKIoӎh~eT}WNjaDA iȪOyR|ja^zҥHAݨTɡAФdUnOoDҤ@UoI

    iȧaIqll|lͥXohDt~Ao email A]wP޲zuOޤHߤíhhI OH]HOQnVKQV̔xVnAVKQVިlANVeQ@ξDQΡI ϹLӻApGAwlAޱoYFANӤHʤơA۫HܤֱzDޥiNӺNAH

    IShTIlANOo^ơAHSRSȪ@ӪNAdwLA߱z[@Q꺡I dwLAAQSUH茹BƤpAᱼu@iOyjzIN]LOo򭫭nSHdwA ҥHڭ̥ionnLoI


    22.1.2 The relationship between Mail server and DNS

    JMnϥ e-mail ASMNݭnlAo (Mail Server)IMAHn˱HXhOHWA mail server zAO̔xܡGSIHzAҥHA Uڭ̭nӽͤ@ͥLzAMAwA]wӶi满Iڭ̭nNOy Mail server tP DNS t}sʡHz oӈs̮eQdVAO_n[] mail server NyJRz@wo[] DNS server bADEWܡH


    • Mail server PXkDEW

    WثewgSH|ϥ IP ӱHHFAڭ̳q`^쪺 email OϥΡyb@DEW١z覡ӳBzA ҥHAAlAyN@wn@ӦXkULDEWz~iHCOH ]cNϥλPUlƉRR]AfPڭ̤\^QΥDE IP ӱHHFA_hC IP DEHH... ]AAQn[] mail server NyݡznXkDEWoC

    OKIJMڥun@ӦXkDEW٧YiAܧڤݭn[]@ DNS DEoH OAAiHo˻{IunA֦XkDEW١AYb DNS dߨtSADEWپ֦@ A AxA zAWA mail server NiH[]\CuLѩثeںWsiHB UHPfrHΦΤFӦhWeAfPӺ|OLhbӳoǩUơC ҥHFʎicUHAثejR (ISP) |w藍ӷl[HA o]NOyQn[]@̔xiHB@ mail server VӶVFzC


    • DNS ϶]ܭnI

    @몺AӻAڭ̥unϥΥΤݥiHTڭ̦A IP Yi[A|Ҩӻ WWW ANOoˡCLAѩثeHݪlA|wlӷ IP i϶AӦpGAOєD^oDTw IP ɡAMR IP b ISP 譱q`|DʪH xxx.dynamic.xxx DEW٨Ӻ޲zAo˪DEWٷ|QDnjlA (Ҧp hotmail, yahoo ) UHA ҥHAlAҵoXHNiQAiN˸FI

    ҥH[ApGAQn[]@ Mail server ܡAСyȥzVzWh ISP ӽ IP ϶RA nAϥιw]϶DEW١A_hܮefPzlAҵoXH|b Internet Wy[I

    Tips:
    AROiHΥӽ IP ϶ALNonQΩҿת relayhost Ϊ̬O smarthost ӳBzl茻DA oӈSAΨWh ISP DAzIڭ̷|b@I

    • ݭn DNS MX A Ax[ (Wn MX)I

    ڭ̪lAt쩳Opϥ DNS TӶil󪺶ǻHROobQE DNS ̭ͨ쪺 MX oӊAxܡHSɧڭ̶ȻLo MX NO Mail eXchangerA S@ʶlnǰeXhɡAlDE|RʫHy؊ADE DNS zAo MX Ax (`NAMX Axi|hDE) MHu MX DEDZNHoeXhCݤܡHS}YAڭ̥HUo DNS dҨӻG

    xyz.com.vbird  IN  MX 10 mail.xyz.com.vbird
    xyz.com.vbird  IN  MX 20 mail2.xyz.com.vbird
    xyz.com.vbird  IN  A     aaa.bbb.ccc.ddd
    

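    The DNS settings above mean:

    • When a message is to be delivered to user@xyz.com.vbird, the MX record with the lowest number has priority, so the message is sent first to the host mail.xyz.com.vbird.
    • If mail.xyz.com.vbird cannot accept the message for whatever reason, the message is sent to the secondary MX host, that is, to mail2.xyz.com.vbird;
    • If neither MX host can take it, the message is delivered directly using the A record, that is, straight to the IP aaa.bbb.ccc.ddd, which is xyz.com.vbird itself!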

    boӹL{SAAݭn`NGmail.xyz.com.vbird mail2.xyz.com.vbird ݭnOiHD xyz.com.vbird 茫HDE~A]NOADEq`OAq̤W媺lDEA äOAHNgIDERݭnwA xyz.com.vbird ӳ]wyl茻z~I _hAH|Q𱼪C

    ѩ{bܦhlA|hjM MX oӊAxӧP_؊AlAO_XkAҥHAn[] Mail server Mۦ]w DNS AALA̦nnӽФ@ MX Ax~C~AMX Ax@wn]wTA_hAHNi|^Q MX A𱼡CFn]w MX Oڭ̨SWhlAɡAҥHAiHw MX ۤvAQΦۤvS MX AYiC

    Aγ\|QAo MX ԣnB[H@ӻApG؊ADEIɡAAlq`|^hRoH̡A pG MX DEɡAo MX DE|NMʫHbLC (queue) SAΨA؊ADEsѶlAȫA MX DE|NAHǰe؊ADEAp@ӧAHN|򥢔[Io˻AziHAaI ^_^


    • Email }gk

    WYL email q`Oyb@DEW١z覡ӳBzA|Ҩӻm www.centos.vbird DEW dmtsai ϥΪ̡Ahڪ email N|Gydmtsai@www.centos.vbirdzASHnHHڮɡA L|R @ ᭱DEW١AY www.centos.vbird MX/A AxΆΡAMAzL軡y{ӶǥXHC Sڪ www.centos.vbird. oʫHɡAL|NH dmtsai HcSTIUڭ̴Nӽͤ@ͳoӬy{aI


    22.1.3 Components needed for mail transfer (MTA, MUA, MDA) and related protocols

    b}ll󪺶ǰeL{eAڭ̥ӷQ@QAAOpHXqll󪺡H]AnHH@ӨϥΪ̡A LqllOya_user@gmail.comznFA]NOAAnH@ʫH gmail.com oӥDEWNC AWq (|ҨӻA Windows t) O_^NoʫHy^zzLe gmail.com ӥDEWH SMTIAon]wDA茫HlA~I]NOAAݭnVY@lAUA Ho@ӦXkqllϥvA~^oelXhC

    ҥHAAnHX@ʫHɬOݭnܦhDAUCX@̔xϥܨӻG

    Figure 22.1-1: Schematic of how an e-mail is "sent"

    ڭ̥Ӷ@DZMWaIMAӻǰey{G


    1. MUA (Mail User Agent):

      UWq MUA NOylϥΪ̥NzHzNA]DAiH^Q telnet nnJlAӥDʵoXHA_hzNonzL MUA DAeHlAWYhC ̱` MUA ^O Mozilla X Thunderbird (pm) ۥѳnA Ϊ̬O Linux ୱ KDE ` Kmail A Windows Outlook Express (OE) ΡC MUA Dn\NOlDEqllAHδѨϥΪsPsgl󪺥\I

    2. MTA (Mail Transfer Agent):

      MUA DΤǰellDEWAolDEpG^DΤNoʫHHXhALNO@lǰeDE (MTA) TIo MTA NOylǰeNzHzNC]UWq@UAJMOyǰeNzHzA ϥΪ̱HXHADϥΪ̱NݩMΤ᪺H󦬤UɡANO䥦 (MTA) NTI򥻤WAMTA \঳oǡG

      1. HGϥ̔xlǰew(SMTP)
        MTA DE̥Dn\NOGNӦۥΤݩΪ̬OL MTA ӫHUӡAoӮɭ MTA ϥΪO Simple Mail Transfer Protocol (SMTP)ALϥΪO port 25 TI

      2. 茻HG
        pGMʫH󪺥تaäOΤABMʫH}ƲŦXϥ MTA vOA 򫥭̪ MTA N|NMʫHAǰeU@DEWCoYOҿת茻 (Relay) \C

      `Aڭ̤@봣쪺 Mail Server NO MTA TIYӻA MTA ȬO SMTP oӨwӤwCӹF MTA SMTP \઺Dnn]AѵP sendmailA_q postfixAR qmail ΆΡCUڭ̨ӬݬݡAb MTA WYRǭn\C

    3. MDA (Mail Delivery Agent):

      rWNOyl󻼰eNzHzNCWAo MDA Ob MTA U@Ӥp{A ̥Dn\NOGR MTA Ҧ쪺HYΤeθơA ӨMwoʶl󪺥hVCҥHAW쪺 MTA H茻\AO MDA FC |ҨӻApG MTA Ҧ쪺oʫH؊AOۤvA MDA |NoʫHL茨ϥΪ̪Hc (Mailbox) hA pGOOHNǷQn茻XhFC~AMDA RRPLol󪺥\I|ҨӻG

      1. LoUHG
        iHھMʶl󪺪YơAΪ̬OSwH󤺮eӥ[HRLoCҦpYӼsiHDDOTwA pyAV...zΆΡANiHzL MDA ӹLoåhMlC

      2. ۰ʦ^G
        pGzXtFfPY@qɶLkߧY^HɡANiHzL MDA \lDEiH۰ʵoX^HA pzBʹN|{AӤjPI^_^

      UDn MTA { (sendmail,postfix...) ۤv MDA \ALǥ~{\jjA|Ҩӻ procmail NO@ӹLonDAt~ Mailscanner + Spamassassion ]OiHϥΪ@ MDA C

    4. Mailbox:

      NOqllHcI̔xANOYӱbMΪH󦬨ɮoCڭ̪ Linux tw]HcOb /var/spool/mail/ϥΪ̱b I Y MTA Ҧ쪺HOEϥΪ̡AMDA N|NHeM mailbox ShoI


    nFAӷQ@QAApzL MUA ӱNHe誺lHc (Mailbox) hOH

    • Step 0GoY MTA ϥvG

      Np 22.1-1 ҥܡAڭ̥aݪ MUA Qnϥ MTA ӶǥXHɡA SMݭno MTA ϥvCq`NOGڭ̥nV MTA U@œiϥ email bPKX~C

    • Step 1GϥΪ̦b MUA WsgHAǰe MTA WYG

      ϥΪ̦b MUA WsgHAH󪺸ƥDnG

      • HAYG]AH̻P̪ email }ARMʫH󪺥D (subject) ΡF
      • H󤺮eGNOAn軡eTI

      sgܤunUǰesAMʫHN|eܧA MTA AWFA`NGOA MTA ӤO誺 MTA I pGATwiHϥM MTAAAoʫHN|Qm MTA C (queue) SÆΫݶǰeXhFC

    • Step 2.1GpGMʫH؊AOa MTA ۤvb

      AOiHHHAۤvAҥHpGA MTA MʫH󪺥؊AOۤvΤɡAN|zL MDA NoʫHe Mailbox hoI

    • Step 2.2GpGMʫHتL MTA Ah}l茻 (Relay) y{G

      pGoʫH؊AOLDEOHoӮɭԧڭ̪ MTA N|}lRMʫHO_㦳XkϥvA Y㦳ϥvɡAhڭ̪ MDA |}lil茻AYMʫH|zLڭ̪ MTA VU@ MTA smtp (port 25) oeXhCpGMʫH󶶧QoeXhFAMʫHN|ѦCSFC

    • Step 3G MTA AH

      pG@SDܡAhݪ MTA |ڭ MTA ҵoXʫHAñNMHm쥿TϥΪ̫HcSA ΫݨϥΪ̵nJŪΤUC

    boӹL{SAA|o{AHOѧڭ̪ MTA DoeXhA MTA ѪwO̔xlljKw (Simple Mail Transfer Protocol, smtp)A åBMʫH̜OdbDE MTA WYIäOABͪ MUA WY[I

    Tips:
    SOjճo@IH]HeӪBڻGym[AAnH email ڪɭ԰OoA ڤUZeNq}ۡAHKAHHڪHczABYTuM]XӡܤnN ҥHo̤~nSOjաAA MUA }TInHɦA}YiC

    AFǰeH MTA ݭnŰ smtp (port 25) AAӧڭ̱onͽͨoʫHnp^[H


    22.1.4 Protocols the server provides when users retrieve mail: MRA

    ϥΪ̦pGQnHɡASM]iHzL MUA ^ӳsuoۤvlHcƔ[IӹL{I^UoˡG

    Figure 22.1-2: Schematic of how a client retrieves mail through the MRA

    bWzϥܤAhF@Ӷl󤸥ANO MRAG

    1. MRA (Mail Retrieval Agent):

      ϥΪ̥iHzL MRA AѪlFAȨw (Post Office Protocol, POP) ӦUۤvHA ]iHzL IMAP (Internet Message Access Protocol) wNۤvHOdblDEWA öi@Bإ߶lƧXζi픤u@C]NOASΤݦHɡAϥΪO MRA POP3, IMAP γqTwAëD MTA SMTP I

    ڭ̥ͤ@ POP3 H覡aG

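    1. The MUA connects to port 110 of the MRA using POP3 (Post Office Protocol version 3) and enters an account and password to be authenticated and authorized;
    2. Once the MRA has confirmed that the account/password is correct, it goes to that user's Mailbox (/var/spool/mail/<user account>), fetches the user's mail and sends it to the user's MUA;
    3. When all mail has been transferred, the data in the user's mailbox is deleted!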

    bWzy{Sڭ̪D MRA nŰ POP3 oӨw~ALoӨw覡áA ]ϥΪ̦HOѲĤ@ʫH}lU̫@ʫHljKܬCLѩY MUA {gDAYǶl󦳯friʮɡAzLrnNifPM MUA n骺_uI p@ӥѩljKSܡA] MRA DEä|NϥΪ̪HRC ɦpGϥΪ̤SA@U^gAIӤw^HS|ƦAӨS쪺ROI

    oӮɭԩγ\AiHzLnJDEQ mail oӫOӳBzADlA γ\@R MUA ]OӤhҤVASΪ̼ȮɱNrn}]OiHҼ{q@C YLӷQ@QA] POP3 ww]|NHRApGڤѦb줽DZNڪH줽ǪqA Sڦ^aɦA׎Ű MUA ɡAO_^wgQ^HHSMAaI

    γ\AݭnDUwAY IMAP (Internet Messages Access Protocol) A oӨwiHAN mailbox 茦sADEWaؿAY /home/b/ ӥؿUA AiHإ߶lƧXA]iHwH޲zAӥBb@ӥisWaAunnJDEA 쥻HNROsboIuOn[I

    LAϥ IMAP ɡAϥΪ̪ؿ̦n^[IAҦpQ quota Ӻ޲zϥΪ̪wШϥvA _h]H󳣦bDEWYApGϥΪ̹LhB~ήɡAAwЪŶ|QYI`N`NI

    OKIzLWAnDAn[]@iHϥ MUA i榬oH MTA, MRA AAAܤ֤]ݭnŰ SMTP H POP3 oӨw~IӳoӨwŰʵ{äۦPA ҥH[]WROonpߪ`N[I


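    • pop3s, imaps and the trouble with SMTP

    When mail data travels across the Internet over SMTP, POP3 and IMAP, it is all sent in cleartext! With POP3 and IMAP in particular, the user has to enter an account/password to retrieve mail! Since credentials are involved, it is of course better to encrypt these two protocols. That is why POP3s and IMAPs appeared, encrypted with SSL! You may ask: since there are already pop3s and imaps, is there an smtps? The answer is, of course there is! It is just that nobody uses it!

    Looking at the flows in Figures 22.1-1 and 22.1-2, POP3 and IMAP only concern the MRA and your own users, so you only need to tell your users which MRA protocol your server uses and have them change their settings; no other server is affected. The MTA is different! An MTA has to talk to other MTAs, so if you used smtps, everyone in the world whose MTA talks to yours would have to switch to smtps as well! That undertaking is far too large, and no ISP is currently able to do it. So, for now, there is effectively no SMTPs protocol.

    Does that mean your data must be cleartext? Not necessarily. Since your MTA cannot encrypt, you can encrypt the mail data yourself and then hand it to the MTA for delivery! This is what many mail users who urgently need encryption do today! ^_^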


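    22.1.5 Relay and the importance of authentication

    When you need an MTA to pass your message on to the next MTA, that action is called mail relay; it is Step 2.2 in Figure 22.1-1. Now think about it: if "anyone at all can have this MTA relay for them", the situation is called Open Relay. What happens when your MTA is an Open Relay? Big trouble!

    When a poorly configured MTA ends up as an Open Relay and is really connected to the Internet, the fact will be noticed by many people within a short time, because far too many idle people run port scan software on the Internet. Senders of illegal advertising and pornographic spam will then use your Open Relay MTA to send out their advertisements, so at the very least you will run into these problems:

    • Normal connection speed in your host's network will drop, because the bandwidth is eaten up by advertising and spam;
    • Your host may exhaust its resources sending mail in bulk, which easily leads to problems such as unexplained shutdowns;
    • Your MTA will be put on "blacklists" by the Internet community, and from then on a lot of normal mail can no longer be sent or received;
    • The IP your MTA sits on will be blocked by the upstream ISP until you fix the Open Relay problem;
    • Some users will doubt your ability and lose confidence in your company or in you personally! You may even lose customers;
    • If your MTA is used to send defamatory mail, you cannot find the original sender, so the trail will end at your MTA!

    That is a lot of trouble! So all current distributions do the same thing: by default the MTA is started listening only on the internal loopback interface (lo), and the Open Relay function is turned off. With Open Relay turned off, how do you use this MTA's Relay to forward mail? This is why we kept saying above that you "must" obtain the right to use the MTA legitimately! In other words, deciding who may use Relay is our job as administrators! Relay is usually set up in one of these ways:

    • Allow a specific client IP or network segment, for example let the internal LAN 192.168.1.0/24 use Relay;
    • If the client IP is not fixed (for example a dynamic IP obtained by dial-up), use an authentication mechanism.
    • Install the MUA on the MTA itself, for example a web-based MUA such as OpenWebMail.

    Common authentication mechanisms are SMTP mail authentication and SMTP after POP. Whichever one is used, the idea is to have the user enter an account and password to establish that they may legitimately use the MTA, and then to enable Relay for those who pass authentication. That way your MTA is no longer an Open Relay, clients can still send and receive mail normally through authentication, and you as the administrator have a much easier life! ^_^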


    22.1.6 E-mail data content

    ݹLWYƫAzRM Mail server @ǵ{ת{ѤFCAӭnͪOA@ email eLjOHNH|l󦳫HʳUHΤHȤ@ˡAemail ]ҿתAY (header) HΤe (body) I

    email AY (lH) |XӭnTA]AGoʫHӦۨ MTABOѽ֩ҵoeXӪBne֡B DΆΡAܩ󤺮e (HʤH) hOoH̩Ґg@ǻoCpGAϥ dmtsai UFoӫOG

    [dmtsai@www ~]$ echo "HaHa.." | mail -s "from vbird" dmtsai
    

    MNۤvHcesXӡApUҥܡG

    [dmtsai@www ~]$ cat /var/spool/mail/dmtsai
    From dmtsai@www.centos.vbird  Mon Aug  8 18:53:32 2011  <== the sender's email
    Return-Path: <dmtsai@www.centos.vbird>                  <== where this message came from
    X-Original-To: dmtsai
    Delivered-To: dmtsai@www.centos.vbird
    Received: by www.centos.vbird (Postfix, from userid 2007)
            id 6D1C8366A; Mon,  8 Aug 2011 18:53:32 +0800 (CST) <== mail ID
    # This part mainly records where the email came from and which MTA is the destination
    Date: Mon, 08 Aug 2011 18:53:32 +0800     <== date of the message
    To: dmtsai@www.centos.vbird               <== who the recipient is
    Subject: from vbird                       <== the subject of the message
    User-Agent: Heirloom mailx 12.4 7/29/08
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    Message-Id: <20110808105332.6D1C8366A@www.centos.vbird> <== mail ID meant for machines
    From: dmtsai@www.centos.vbird             <== who the sender is
    
    HaHa..
    

    ѭ쥻H󤺮eڭ̥iHݨ email TOAbAYOFNBo̸ơA Hά}ӷB؊A MTA TΆΡCAn`NOAӡyReceived:...z@ƬOy|ܰʪzA pPeͨ쪺 MX AxApG@ʫH MUA ǰe MTA b MTA ǰe MX DEA~ǰe̜檺 MTA ɡA o Received: ƱN|OC@gL MTA TIҥHAiH]۳oӰOƺCC^oʫHǻVOI

    ~AoӶl󪺊AYHΤeRAARiH]ѬYǤRnӶiLoA oڭ̱NbYACCjaAI ^_^IzD@ʶlܤ֦oǸơAH᫥̦ACCoI


    22.2 MTA server: basic Postfix configuration

    iF MTA AnD`hAҦpڭ̪ CentOS w]NѤFӋQ~ѵPl sendmail (http://www.sendmail.org) HΪHӫ] Postfix (http://www.postfix.org)CM sendmail O̬sxϥΪ mail server nAѩ sendmail ]wɤӹLAHΦ{|}DfPDEwʯʥF[W sendmail NҦ\ೣXb /usr/sbin/sendmail oӵ{SAfP{Ӥji|į譱ü{ΆΡA ҥHs CentOS wgNw] mail server վ㬰 postfix oIڭ̳o̤]Dn postfixCSMTAz譱@ˡAz]iHۤvL mail serverC


    22.2.1 The development of Postfix

    Postfix O Wietse Zweitze Venema (http://www.porcupine.org/wietse)ҵoiC mail server Oϥ sendmail []ARuOyȦ@aAʎLzILAVenema Vh\o sendmail MܦnΡAOܳ^wAרįWäQzQA̤jxZO...sendmail ]w sendmail.cf uOFIޤHӻAn]wn sendmail.cf oɮסAuOH@u@C

    FﵽoǰDA Venema VhNb 1998 ~QΥLѤjb IBM qĤ@ӥ𰲦~i@ӭpeGy ]p@ӥiHN sendmail nMAiHѺ޲z@ӧֳtB wBӥBۮe sendmail mail server nIzoӭpeRu\FI ӥB]\ϥΦb IBM Ab IBM iHONF sendmail oӶlAIboӭpe\A Venema Vh]b 1998 ~XoӦۦoilAAéwW VMailerC

    LAIBM ߮voo{@ơANO VMailer oӦWrPLwUΊAA o˥i|ް_@ǵUWxZCFקKoӰDAҥH Venema VhNNoӶlnW٧אּ Postfix IyPost b򤰻򤧫zNAyfix hO׭qzNAҥH postfix yb׭qzNC

    mӤH{A Venema ͳ̦cQäOQnyгy@ӥs Mail server nAӬOQnsy@ӥiHۮe sendmail nzAҥHAVenema ͻ{LۦoinRMOy} sendmail ʥzAҥH~٬ Postfix aING y}F sendmail ᪺lAnIz

    ҥHTA Postfix ]pzWADnOwyQnۮe sendmailzҳ]pXӪ@fybsoz@ӶlAnCNOѩoӲzA] Postfix ﵽF sendmail wʤWDA}F mail server u@IJvA B]wɤe˩MOI]AAiH sendmail 茂 Postfix WIo]OS Venema Vh̪cQ[I

    NOoӺcQAҥH Postfix b~]wɮת䴩סAP sendmail XGSˡAP˪䴩 aliases oɮסAP˪䴩 ~/.forward oɮסA]P˪䴩 SASL SMTP l{ҥ\ΆΡI ҥHAIԒӎ@ˬ[] Postfix oӬSX⪺lAaI ^_^


    22.2.2 Required software and software structure

    ѩ CentOS 6.x w]NO postfix IҥHڥLվԣNN㪽^ӨϥΧaI postfix ǭn]wɩOHLDn]wɳb /etc/postfix/ SANɮפeNڭ̨ӽͽ͡G

    • /etc/postfix/main.cf
      oNODn postfix ]woAXGҦ]wӋOboɮפWdI oɮ׹w]NO@ӧ㪺ɤFAAiHѦҳoɮתeN]wnݩA postfix MTA OI unקLoɮסAOonsŰ postfix I

    • /etc/postfix/master.cf
      DnWwF postfix Cӵ{ǪB@ӋA]Oܭn@ӳ]wɡCLoɮ׹w]wg OK FAq`ݭnLC

    • /etc/postfix/access (Q postmap Bz)
      iH]w} Relay ΩʎsuӷΥ؊A}θT~]wɡALoɮ׭nͮRݭnb /etc/postfix/main.cf Űʳoɮתγ~~CB]wܫݭnH postmap ӳBzƮwɮשOI

    • /etc/aliases (Q postalias newaliases i)
      lOWγ~A]iH@lsœ]wI

    ܩ`ɫhUoǡG

    • /usr/sbin/postconf (d\ postfix ]w)
      oӫOiHCXثeA postfix N]wơA]Atw]Ȥ]|QCXӡA ҥHƶqSejIpGAb main.cf ̭gקLYǹw]ӋܡAQnȦCXDw]Ȫ]wơA hiHϥΡypostconf -nzoӿﶵYiC

    • /usr/sbin/postfix (Dn daemon O)
      postfix DnɡAAiH̔xϥΥLӎŰʩέsŪ]wɡG
      [root@www ~]# postfix check   <== check that postfix files and permissions are correct
      [root@www ~]# postfix start   <== start postfix
      [root@www ~]# postfix stop    <== stop postfix
      [root@www ~]# postfix flush   <== force delivery of the mail currently in the queue
      [root@www ~]# postfix reload  <== re-read the configuration, i.e. /etc/postfix/main.cf
      
      n`NOACʹL main.cf AȥsŰ postfixAi̔xϥΡypostfix reloadzYiCLAmROߺDϥ /etc/init.d/postfix reload..

    • /usr/sbin/postalias
      ]wOWƮwOA] MTA ŪƮw榡ɮ׮įΡAҥHڭ̳|N ASCII 榡ɮ׭جƮwC b postfix SAoӫODnb茂 /etc/aliases /etc/aliases.db oIΪkG
      [root@www ~]# postalias hash:/etc/aliases
      # hash is a database format; /etc/aliases.db is then updated automatically.
      
    • /usr/sbin/postcat
      DnΦbˬdb queue (C) SH󤺮eCѩCSH󤺮eO MTA ݪA ҥH榡äO@ڭ̤HݪrơCҥHoӮɭԧAon postcat ~iHݥXMH󪺤eC b /var/spool/postfix ShؿA]@ɮצW /deferred/abcfile A AiHQΩU覡ӬdMɮתeG
      [root@www ~]# postcat /var/spool/postfix/deferred/abcfile
      
    • /usr/sbin/postmap
      oӫOΪkP postalias ALLDnb茂 access oɮתƮwTIΪkG
      [root@www ~]# postmap hash:/etc/postfix/access
      
    • /usr/sbin/postqueue
      mailq KXGAҦpAiHKJypostqueue -pzݬݴNDFI

    postfix ncjPWOoӼˤlA^Uڭ̥̔xBz@U postfix oH\aI


    22.2.3 A mail server configuration case

    eͨ mail server P DNS tܤj}ʡAҥHpGAQn[]@iHsW Internet lAɡA AݭnwgoXk A P MX DEW١AӥB̦n϶]wgVz ISP ӽЭק]wFA oiOӤjeInLIbUmSmHeQE DNS ]w̾ڡADnӋOo˪G

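    • The main name of the mail server is: www.centos.vbird
    • The mail server also has the aliases linux.centos.vbird and ftp.centos.vbird, which can send and receive mail as well;
    • The mail server already has an MX record, pointing directly at itself (www.centos.vbird)
    • www.centos.vbird has an A record pointing to 192.168.100.254.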

    bڪlA]wSAWzXӊAxOܭnAЦۦѦ DNS ظ`aIUNڭ̨ڳ]w postfix AoI


    22.2.4 Letting Postfix listen on the Internet to send and receive mail

    bw]pUACentOS 6.x MTA Ȱw糧EioA۫HܡHݡG

    [root@www ~]# netstat -tlnp | grep :25
    Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
    tcp        0      0 127.0.0.1:25    0.0.0.0:*         LISTEN   3167/master
    

    ҥHpGAn Internet }񪺸ܡANonVOdwX̔x]woIӴXGҦ]wAiwg /etc/postfix/main.cf oɮ׷dwIקeAݭn`NئG

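    • The "#" symbol marks a comment;
    • Every setting is handled like a "variable" assignment, for example myhostname = www.centos.vbird. Note that there must be whitespace on both sides of the equals sign, and the first character must not be whitespace, that is, "my.." has to start at the beginning of the line;
    • "$" can be used to reference another setting, for example myorigin = $myhostname is equivalent to myorigin = www.centos.vbird;
    • If a setting accepts two or more values, separate them with whitespace, although a comma followed by a space ", " is recommended. For example: mydestination = $myhostname, $mydomain, linux.centos.vbird means that mydestination holds three values.
    • One setting may span several lines: as long as the first line ends with a comma and the second line starts with whitespace, the value continues on the second line (which is why the second point says a line must not start with whitespace!);
    • If the same item is set more than once, the value that appears last wins!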

    For your postfix to be able to send and receive mail, the settings you need to enable are the following:


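    • myhostname: sets the hostname; must be the FQDN

      This item sets your hostname, and its value is referenced by many of the parameters that follow, so it has to be correct. You should set it to the complete hostname. In this exercise it should be: myhostname = www.centos.vbird. Besides this value there is also a mydomain item, which by default takes the part of $myhostname after the first ".". With the setting above, for example, the default mydomain is centos.vbird! You can also set it yourself.

    • myorigin: the "sending host" shown on outgoing mail

      This item sets "the address in the mail from of the message header", meaning that mail sent out by this MTA uses this value! If you forget to add a Mail from when sending mail locally, this value is used. By default the item follows $myhostname, for example: myorigin = $myhostname

    • inet_interfaces: the interfaces postfix listens on (very important)

      By default Postfix listens only on the local lo interface (127.0.0.1). If you want it to listen to the whole Internet, open it on the external interface or on all interfaces. The usual setting is: inet_interfaces = all. Because the last value wins when an item is set more than once, it is best to keep only one inet_interfaces line!

    • inet_protocols: the IP protocol versions postfix listens on

      By default postfix on CentOS listens on both IPv4 and IPv6. If your network only has IPv4, you can specify inet_protocols = ipv4 directly, which avoids seeing addresses such as :::1!

    • mydestination: the "host names mail is accepted for" (very important)

      This setting is very important! Our host has many names, so which host name must the other side write in mail to for us to accept the message? That is defined here! In other words, of all your host names, only the ones written into this setting can be used as the host part of an email address. In this exercise the host has three names, so the line is: mydestination = $myhostname, localhost, linux.centos.vbird, ftp.centos.vbird

      If you want to move this value to an external file, you can do something like: mydestination = /etc/postfix/local-host-names, and then write the host names that accept mail into local-host-names. In general, creating the extra local-host-names file is not recommended; just write the values into main.cf! Pay special attention: if your DNS settings have an MX record, the host name the MX points to must be listed in mydestination, otherwise errors appear very easily! This setting is where users most often go wrong!

    • mynetworks_style: one way to define the "trusted network"

      This value defines "the trusted clients in the same network as the host"! For example, the author's host IP is 192.168.100.254; if the whole local network (192.168.100.0/24) is trusted, this value can be set to "subnet"! In general, though, the mynetworks item below replaces this setting, so it is fine to leave it unset! If you do set it, host is the best choice (that is, trust only this MTA host itself).

    • mynetworks: defines the trusted clients (very important)

      Whether your MTA relays for someone depends most on this value! For example, to open it to the local host and the IPs of the internal network: mynetworks = 127.0.0.0/8, 192.168.100.0/24. If you want to control relay clients with the file /etc/postfix/access, the author suggests rewriting the line as: mynetworks = 127.0.0.0/8, 192.168.100.0/24, hash:/etc/postfix/access. Then you only need to create access and rebuild it into a database, and you can define the Relay clients!

    • relay_domains: the downstream MTA host addresses that may be relayed for

      Whereas mynetworks is set for "trusted clients", relay_domains can be seen as set "for downstream MTA servers". For example, if this host is the MX host of www.niki.centos.vbird, you have to set relay_domains so that mail destined for the whole niki.centos.vbird domain is relayed. By default this value is just $mydestination.

      You must be aware that "by default Postfix does not relay mail for hosts it is MX for". That is: suppose you have two hosts, an upstream MTAup and a downstream MTAdown, and the MX host defined for MTAdown is MTAup. From the DNS MX settings and the direction of mail delivery discussed in 22.1.2, we know that any mail addressed to MTAdown first has to be relayed through MTAup! If MTAup has not been given permission to relay for MTAdown, every message sent to MTAdown is "bounced by MTAup"! From then on MTAdown cannot receive any mail.

      Please think the previous paragraph over again, because if you work in a large company that has mail servers both upstream and downstream, with MX records set, relay_domains becomes very important! The upstream MTA host must enable this function. In general, unless you are the MX source for some MTA host, this item can be ignored. If you want to relay your clients' mail to one specific MTA host, this item can also be set. Otherwise keep the default.

    • alias_maps: mail alias settings

      This is the setting for mail aliases. Just point it at the correct file; the default value can be kept: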


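    With the settings above, in the author's example the values that were changed or marked important, and the related files, are handled like this: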

    [root@www ~]# vim /etc/postfix/main.cf
    myhostname = www.centos.vbird          <== around line 77
    myorigin = $myhostname                 <== around line 99
    inet_interfaces = all                  <== around line 114; line 117 must be commented out
    inet_protocols = ipv4                  <== around line 120
    mydestination = $myhostname, localhost.$mydomain, localhost,
      linux.centos.vbird, ftp.centos.vbird <== around lines 165,166
    mynetworks = 127.0.0.0/8, 192.168.100.0/24, hash:/etc/postfix/access <== around line 269
    relay_domains = $mydestination         <== around line 299
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases     <== around lines 389, 400
    # Keep the default values for all other settings.
    
    [root@www ~]# postmap hash:/etc/postfix/access
    [root@www ~]# postalias hash:/etc/aliases
    

    ] main.cf Sڭ̦B~[Jӥ~]w (mynetworks alias_maps) AҥH~|B~i postmap postaliasCMǷQӎŰTIAiHo˳BzG

    # 1. Check the configuration file for syntax errors
    [root@www ~]# /etc/init.d/postfix check   <== no output means no problems
    
    # 2. Start the service and check the port number
    [root@www ~]# /etc/init.d/postfix restart
    [root@www ~]# netstat -tlunp | grep ':25'
    Proto Recv-Q Send-Q Local Address  Foreign Address   State   PID/Program name
    tcp        0      0 0.0.0.0:25     0.0.0.0:*         LISTEN  13697/master
    

    ̔xaIo˴N]wSFC]AwgBzܡAA Postfix wgiH}Τݶi茻AåB]iHHoILA쩳bw]pUڭ̪ postfix iHUǫHHSiHwdz]wȪei茻OHoNonѦҤU@p`FC


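    22.2.5 Mail delivery flow and key concepts: receiving, relay

    By now you should have a reasonable idea of how an MTA is configured and how it sends and receives mail. To configure your MTA properly, though, and especially to understand how the whole MTA receives and sends mail, you really should know the complete flow of "how my MTA accepts mail from the source host and how it relays mail to the next host". In general, delivering one message goes through these steps:

    1. The sending host and the receiving host first go through a handshake (ehlo) stage; at this point the sending host is recorded as the source of the mail (and not the mail from). After the handshake, the message header can be transferred;

    2. The receiving host now analyses the header. If the host name in Mail to: is the receiving host and that name matches the mydestination setting, the message is accepted into the queue and then delivered to the mailbox; if it does not match mydestination, the connection is terminated and the message content (body) is not transferred;

    3. If the host name in Mail to: is not the receiving host itself, the relay analysis begins.

    4. The relay analysis first checks whether the source of the message is a trusted client (this client is the sending host recorded in step 1), that is, whether the source matches the mynetworks setting. If it does, the message is accepted into the queue and waits for the MDA to relay it onward; if it does not match mynetworks, continue with the next step;

    5. Check whether the source or the destination of the message matches the relay_domains setting. If it does, the message is accepted into the queue and waits for the MDA to relay it onward;

    6. If the header data of the message matches none of the rules above, the connection is terminated and the message content is not accepted.

    The whole flow looks roughly like this:

    Figure 22.2-1: Message analysis process inside the local MTA

    In other words, the message content is only uploaded to the host's queue after the header analysis has passed, and the MDA then handles where the message goes. The message is not transferred to the host in full and only then analysed! This needs particular attention! Following the flow above, and leaving the access and MDA analysis mechanisms aside for now, for an MTA to receive and send mail correctly an e-mail has to satisfy:

    • For receiving, the following requirements must be met:
      1. The sending side must match the $inet_interfaces setting;
      2. The recipient host name in the message header must match the $mydestination setting, or the recipient host name must match the $virtual_maps setting (related to virtual hosts);

    • For relaying (Relay), the following requirements must be met:
      1. The sending side must match the $inet_interfaces setting;
      2. The source of the sending side must be in $mynetworks; or the source of the sending side or the recipient host name in the message header matches the $relay_domains setting.

    You can apply the same principle and reasoning to a sendmail configuration! ^_^ However, a lot of spam is sent precisely through this default receive and send path. How so? Look at the analysis below:

    Q:
    On my host I found this kind of advertising mail: "my own host is used to send advertising mail to myself!" How is that possible?
    A:
    First you need to be familiar with the flow above. From step 2 we know that when the host receives a message whose destination is itself and which matches the mydestination setting, the message is accepted without checking whether the client comes from mynetworks. So anybody can use this flow to send mail to you. Your MTA is not an open relay, though; it will not send advertising mail for other people, so there is no need to worry.

    Q:
    My host is clearly not an Open relay, yet many administrators of other MTAs write to me saying that some account on my host keeps sending advertising mail, but my host does not even have that account! What is going on?
    A:
    Look carefully at steps 1 and 2 of the flow: whether a message is accepted depends on the sending host and the receiving host name. We also know that the mail header contains a mail from header item, which is the "return address" we see when reading the mail. This data can be forged! And it has nothing to do with the data used to send and receive the message! So you should tell the other MTA's administrator to provide detailed log data; only then can it be determined whether the message was sent out by your host.

    In general, many advertisers today work with exactly this kind of deception, so you have to ask the other side for detailed log file data to check!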
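
    The decision flow above, modelled in Python with the main.cf values from section 22.2.4 (an added example, not code from the original page or from Postfix). The function names, the sample envelopes and the documentation-range probe addresses are assumptions made for illustration, and only the CIDR entries of mynetworks are evaluated.

```python
"""Added example: the receive/relay decision of section 22.2.5 as a small model."""
import ipaddress

# Settings copied from the page's main.cf example. The hash:/etc/postfix/access
# entry of mynetworks is left out: this model evaluates CIDR entries only.
MAIN_CF = {
    "mydestination": ["www.centos.vbird", "localhost.centos.vbird", "localhost",
                      "linux.centos.vbird", "ftp.centos.vbird"],
    "mynetworks": ["127.0.0.0/8", "192.168.100.0/24"],
}
MAIN_CF["relay_domains"] = list(MAIN_CF["mydestination"])  # relay_domains = $mydestination


def domain_of(address):
    """Return the lower-cased host part of user@host."""
    return address.rsplit("@", 1)[-1].lower().rstrip(".")


def in_networks(client_ip, networks):
    """True if client_ip falls inside any CIDR block in networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def matches_domain(domain, names):
    """True if domain equals, or is a subdomain of, one of names."""
    return any(domain == n or domain.endswith("." + n) for n in names)


def decide(client_ip, mail_from, rcpt_to, cf):
    """Apply steps 2 to 6 of the flow and return (action, reason).

    mail_from is accepted as an argument but never consulted, which is why a
    forged sender address changes nothing about the outcome.
    """
    rcpt_domain = domain_of(rcpt_to)
    if rcpt_domain in cf["mydestination"]:                 # step 2: mail for this host
        return "accept-local", "recipient domain is in mydestination"
    if in_networks(client_ip, cf["mynetworks"]):           # step 4: trusted client
        return "relay", "client address is inside mynetworks"
    if matches_domain(rcpt_domain, cf["relay_domains"]):   # step 5: downstream domain
        return "relay", "recipient domain matches relay_domains"
    return "reject", "relay access denied"                 # step 6


def is_open_relay(cf, probes=("203.0.113.7", "198.51.100.9")):
    """Behavioural check: may an outside address relay to an outside domain?

    The probe addresses are documentation-range IPs (constructed).
    """
    return any(
        decide(ip, "sender@example.org", "someone@example.net", cf)[0] == "relay"
        for ip in probes
    )


# Constructed sample envelopes: (client IP, MAIL FROM, RCPT TO).
SAMPLES = [
    # Outside client forging the local user as sender: still accepted (first Q&A).
    ("203.0.113.7", "dmtsai@www.centos.vbird", "dmtsai@www.centos.vbird"),
    # Outside client, outside recipient: refused, the host is not an open relay.
    ("203.0.113.7", "sender@example.org", "someone@example.net"),
    # LAN client, outside recipient: relayed because of mynetworks.
    ("192.168.100.20", "dmtsai@www.centos.vbird", "someone@example.net"),
    # Mail for a downstream host this MTA is MX for: refused until
    # niki.centos.vbird is added to relay_domains.
    ("203.0.113.7", "sender@example.org", "user@www.niki.centos.vbird"),
]

if __name__ == "__main__":
    for client, sender, rcpt in SAMPLES:
        action, reason = decide(client, sender, rcpt, MAIN_CF)
        print(f"{client:15} from={sender:26} to={rcpt:28} -> {action} ({reason})")
    print("open relay with page settings:", is_open_relay(MAIN_CF))
    too_wide = dict(MAIN_CF, mynetworks=["0.0.0.0/0"])
    print("open relay with mynetworks = 0.0.0.0/0:", is_open_relay(too_wide))
```

    Running the same check against the values printed by postconf -n after every change to mynetworks or relay_domains is a cheap way to catch an accidental open relay before the host is exposed on port 25.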


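    22.2.6 Mail host access control and filtering: /etc/postfix/access

    Basically, once the trusted sources are listed in Postfix's mynetworks, users can relay. If you set mynetworks the way described above (22.2.4), you can additionally use the access file to manage mail filtering! The basic access syntax is:

    Scope or rule                          Postfix action (examples below)
    IP/partial IP/hostname/Email, etc.     OK/REJECT
    

    Suppose you want 120.114.141.60 and .edu.tw to be able to use this MTA to relay mail, while av.com and the 192.168.2.0/24 network are not allowed to use it. You can do this:

    [root@www ~]# vim /etc/postfix/access
    120.114.141.60		OK
    .edu.tw			OK
    av.com			REJECT
    192.168.2.  		REJECT
    # OK means accept; REJECT means refuse.
    
    [root@www ~]# postmap hash:/etc/postfix/access
    [root@www ~]# ls -l /etc/postfix/access*
    -rw-r--r--. 1 root root 19648 2011-08-09 14:05 /etc/postfix/access
    -rw-r--r--. 1 root root 12288 2011-08-09 14:08 /etc/postfix/access.db
    # access.db is the file that gets updated in step; it is what postfix actually reads!
    

    The biggest advantage of this file is that you do not have to restart postfix: as soon as the database is built, it takes effect! The file has other advanced functions as well; read the file itself to learn about them. The advanced settings, however, also require other rules in main.cf! With only the $mynetworks setting from before, all you can do with access.db is open up relay. Still, at least it simplifies our configuration! ^_^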


    22.2.7 Mail aliases: /etc/aliases, ~/.forward

    Q@QAADḘOܦhtbܡHҦp named, apache, mysql...A HoDZb檺{YToͮɡAL|NMTH email 覡ǵ֡HRMNOǵ named, apache... αbۤvaC LAA|o{oǨtbTOᵹ rootI oO]LtbèSKXinJA۵M]NLk^lFAҥHYlNt޲zoCLA̪ MTA 򪾹DoǫHnǵ root HoNon aliases oӶlOW]wɨӳBzTI


    • lOW]wɡG /etc/aliases

    bA /etc/aliases ɮפAA|o{UrˡG

    [root@www ~]# vim /etc/aliases
    mailer-daemon:  postmaster
    postmaster:     root
    bin:            root
    daemon:         root
    ....(rest omitted)....
    

    OyOWzkOyڦsbϥΪ̱bΪ̬O email addresszI NOzLoӳ]wȡAҥHڭ̥iHNҦtbݪHqqᵹ root [InAڭ̲{bNLXjơApA MTA @ڪbW٬ dmtsai AoӨϥΪRQnϥ dermintsai oӦW٨ӦLHA AiHo˰G

    [root@www ~]# vim /etc/aliases
    dermintsai:     dmtsai
    # Left side: the alias you define; right side: the account that actually receives the mail!
    
    [root@www ~]# postalias hash:/etc/aliases
    [root@www ~]# ll /etc/aliases*
    -rw-r--r--. 1 root root  1535 2011-08-09 14:10 /etc/aliases
    -rw-r--r--. 1 root root 12288 2011-08-09 14:10 /etc/aliases.db
    

    qᤣAO dmtsai@www.centos.vbird RO dermintsai@www.centos.vbird |NH /var/spool/mail/dmtsai oӫHcSIܤKaI


    • /etc/aliases RΤ@G@bi^ root H

    ]AOt޲zAӧA`Ϊ@b dmtsaiAOtXhɪnHOH root [A root H󤣯Q^Ū....ҥHApG^Ny root H]茱H@ dmtsai zܡA NӦnFIiHFܡHSMiHIAiHo˰G

    [root@www ~]# vim /etc/aliases
    root:		root,dmtsai  <== the form VBird recommends!
    # Mail is delivered to both the root and dmtsai accounts!
    
    root:		dmtsai       <==pG dmtsai AO޲zH
    # From now on root receives no mail; dmtsai receives all of it!
    
    [root@www ~]# postalias hash:/etc/aliases
    

    WAiHܤ@ϥΡAݬ root nnOdLH󳣥iHImijϥβĤ@R覡A]oˤ@ӡA A dmtsai iH root HAB root ۤv]iHyQz@bLHcAwTI


    • /etc/aliases RΤGGoesœHH\

    Q^@ӱpApGAOժѮvAAMua@Zf͡AOyC~@ZzɡApG@ѧAnNHoҦ͡A bg email AYɡAiN|YF (]pHWxӦhF)IoӮɭԧAiHo˰G (]DEWͪb std001, std002... )

    [root@www ~]# vim /etc/aliases
    student2011:	std001,std002,std003,std004...
    
    [root@www ~]# postalias hash:/etc/aliases
    

    p@ӥunHHoDE student2011 oӤsbbɡAMʫHN|QOsUӱbYhA ޲zWO_ܤK[I ^_^IWAlOWFgۤvDEWΤᤧ~AAiHg~DE email I ҦpAnNE dermintsai ӤsbΤ᪺H󰣤Fǵ dmtsai ~ARn~Ǩ dmtsai@mail.niki.centos.vbird ɡAiHo˰G

    [root@www ~]# vim /etc/aliases
    dermintsai:	dmtsai,dmtsai@mail.niki.centos.vbird
    
    [root@www ~]# postalias hash:/etc/aliases
    

    ܤKaIh\NݱzۦooI

    Tips:
    boѸ̭Admtai aؿëDbW /home UAӬOm /winhome S (ѦҲĤQتm)AҥHھާ@ mail O|XhIoO] SELinux }YIаѦ /var/log/messages Uijʧ@hBzYiI

    • ӤHƪl茻G ~/.forward

    M /etc/aliases iHDڭ̹FlOW]wnBAL /etc/aliases Ou root ~ק諸ɮvA ڭ̤@ϥΪ̦pG]Qnil茻ɡAMpOnHS}YAiHzLۤvaؿU .forward oɮ׳I |ҨӻAڪ dmtsai oӱb^쪺H󰣤FۤvnOd@~ARnǵEW vbird H dmtsai@mail.niki.centos.vbird ɡAAiHo˰]wG

    [dmtsai@www ~]$ vim .forward
    # Note: I am now the ordinary user dmtsai, and I am in that user's home directory!
    dmtsai
    vbird
    dmtsai@mail.niki.centos.vbird
    
    [dmtsai@www ~]$ chmod 644 .forward
    

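    Remember that this file contains one account (or email) per line, and that the permissions are very important:

    • The home directory that holds the file must not be writable by group or other.
    • The .forward file itself must not be writable by group or other.

    With that, the mail starts being forwarded! Fun, isn't it? ^_^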


    22.2.8 Inspecting the mail queue: postqueue, mailq

    ܡA]w즹̪ postfix RMiHRI@p~ mail server γ~FI LAɭԓܳ]DΪ̬ODEDAifPYǫHLkeXӳQȦsbCA ڭ̦pACSǶlOHRAbCSΫݰeXHOpeXOH

    • pGMʫHbLkHXAhq`t|oX@ʡyĵiHzoH̡A iMʶl|LkQHeXhALAt|򪺹HXMʶlF
    • pGb|pɭԤLkHXAt|AoXĵiHoH̡F
    • pGi椭ѳLkNHeXAMʶlN|h^oH̤FI

    SMTAY MTA wgFĵiHHoALhWApGHLkYɱHXh MTA RO|VO 5 ѪApG^UӪ 5 ѳLkeXɡA~|NHh^oH̡C @ӻApG MTA ]wTBSDɡARMOi|HQbCSӶǤXhA ҥHpGo{HbCɡASMonJN@@@oIˬdCekiHϥ mailq A ]iHϥ postqueue -p ˬdG

    [root@www ~]# postqueue -p
    Mail queue is empty
    

    YzlpܮɡA߱zASDlbCSCLpGAN postfix }A ùo@ʫHHANi|X{pUeTG

    [root@www ~]# /etc/init.d/postfix stop
    [root@www ~]# echo "test" | mail -s "testing queue" root
    [root@www ~]# postqueue -p
    postqueue: warning: Mail system is down -- accessing queue directly
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    5CFBB21DB       284 Tue Aug  9 06:21:58  root
                                             root
    -- 0 Kbytes in 1 Request.
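    # The first line gives the reason the mail cannot be sent: Mail system is down!
    # Then the message that could not be sent is listed, including its source and destination!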
    

    KXTDnG

    • Queue IDGܦʶlCN (ID)AoӸXO MTA ݪAڭ̬ݤnF
    • Size GoʫHhjeq (bytes) NF
    • Arrival TimeGoʫHɭԶiJCAåBi|LkߧYǰeXh]F
    • Sender/RecipientGeHPH̪qlloI

    WoʫHOmb /var/spool/postfix ̭AѩH󤺮ewgsX MTA ݪƱƦCA ҥHAiHϥ postcat ŪXH󪺤eIҦpo˰ (`NɦWP Queue ID RI)G

    [root@www ~]# cd /var/spool/postfix/maildrop
    [root@www maildrop]# postcat 5CFBB21DB  <== the file name is the Queue ID
    *** ENVELOPE RECORDS 5CFBB21DB ***     <== the queue number
    message_arrival_time: Tue Aug  9 14:21:58 2011
    named_attribute: rewrite_context=local <==R named (DNS) SʨӦۥE
    sender_fullname: root                  <== the sender's name and email
    sender: root
    recipient: root                        <== the recipient!
    *** MESSAGE CONTENTS 5CFBB21DB ***     <== the actual message content follows!
    Date: Tue, 09 Aug 2011 14:21:58 +0800
    To: root
    Subject: testing queue
    User-Agent: Heirloom mailx 12.4 7/29/08
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    
    test
    *** HEADER EXTRACTED 5CFBB21DB ***
    *** MESSAGE FILE END 5CFBB21DB ***
    

    p@ӧANDثeڭ̪ MTA DEh֥eXHAReXH󪺤eA]iHl}FI ܤhAaILApGAQnڭ̪ postfix ߨNoǦbCSHHXhASMpOnH AXӧ@kTAiHsŰ postfix A]iHzL postfix ʧ@ӳBzAҦpG

    [root@www ~]# /etc/init.d/postfix restart
    [root@www ~]# postfix flush
    

    mӤHijϥ postfix flush oIۦѦҬݬݥI ^_^I^UӡAڭ̥ӳBz@UH MRA AA dwAӳBzΤݪϥΪ̤aI


    22.2.9 Firewall settings

    ] MTA DnOzL SMTP (port 25) iHǰeȡA]Aw postfix ӻAun port 25 YiI ק@U iptables.rule aI

    [root@www ~]# vim /usr/local/virus/iptables/iptables.rule
    # Find the line below and uncomment it!
    iptables -A INPUT -p TCP -i $EXTIF --dport  25  --sport 1024:65534 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    

    o˴N Internet zA port 25 ŪoI̔xIdwI


    22.3 MRA server: dovecot configuration

    DAQn[] webmail bA MTA WYA_hAA MTA UFHAA`osW MTA hHaH򦬫HnΪOӳqTwH NO 22.1.4 ̭ͨ쪺 pop3 H imap oIoNOҿת MRA AIڭ̪ CentOS 6.x ϥΪO dovecot oӳnӹF MRA }qTwIѩ pop3/imap Rƥ[KAUڭ̴N̾ڬO_[K (SSL) ӳ]w dovecot aI


    22.3.1 Basic POP3/IMAP configuration

    Űxª pop3/imap O̔xTAAonTwwgwUF dovecot oӳnCӳoӳn骺]wɥu@ӡANO /etc/dovecot/dovecot.conf Cڭ̶ȭnŰ pop3/imap ӤwAҥHiHo˳]wYiG

    [root@www ~]# yum install dovecot
    [root@www ~]# vim /etc/dovecot/dovecot.conf
    # Find the line below, around line 25, copy it and add a new line with the following content:
    #protocols = imap pop3 lmtp
    protocols = imap pop3
    
    [root@www ~]# vim /etc/dovecot/conf.d/10-ssl.conf
    ssl = no   <== change line 6 to this!
    

    粒ANiHŰ dovecot oIåBˬdݬ port 110/143 (pop3/imap) SŰʔ[H

    [root@www ~]# /etc/init.d/dovecot start
    [root@www ~]# chkconfig dovecot on
    [root@www ~]# netstat -tlnp | grep dovecot
    Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
    tcp        0      0 :::110          :::*              LISTEN   14343/dovecot
    tcp        0      0 :::143          :::*              LISTEN   14343/dovecot
    

    CIdwIo˴NiHѨϥΪ̨ӦHTIuOh[ILOoAo̥uѰ򥻪X pop3/imap ljKӤwA pGQnŰʨLp pop3s (ljK[KE) wɡANonB~]woI


    22.3.2 Encrypted POP3s/IMAPs configuration

    If you are worried that data could be captured in transit, or that your login information (account and password) could be eavesdropped while using pop3/imap, then pop3s/imaps becomes important! As with Apache earlier, the data is encrypted in transit with the SSL mechanism provided by the openssl software. The method is simple! By default CentOS already provides a sample SSL certificate file for us to use. If you do not want to use the default certificate at all, let's build one ourselves!

    # 1. Create the certificate: build the needed pem file in the system-provided /etc/pki/tls/certs/ directory:
    [root@www ~]# cd /etc/pki/tls/certs/
    [root@www certs]# make vbirddovecot.pem
    ....(preceding output omitted)....
    Country Name (2 letter code) [XX]:TW
    State or Province Name (full name) []:Taiwan
    Locality Name (eg, city) [Default City]:Tainan
    Organization Name (eg, company) [Default Company Ltd]:KSU
    Organizational Unit Name (eg, section) []:DIC
    Common Name (eg, your name or your server's hostname) []:www.centos.vbird
    Email Address []:dmtsai@www.centos.vbird
    
    # 2. Because of possible SELinux problems, it is better to place the pem file in the system default directory!
    [root@www certs]# mv vbirddovecot.pem ../../dovecot/
    [root@www certs]# restorecon -Rv ../../dovecot
    
    # 3. Edit the dovecot configuration: only pop3s and imaps, no cleartext transport!
    [root@www certs]# vim /etc/dovecot/conf.d/10-auth.conf
    disable_plaintext_auth = yes  <== change line 9 to this!
    
    [root@www certs]# vim /etc/dovecot/conf.d/10-ssl.conf
    ssl = required                                <== change line 6 to this
    ssl_cert = </etc/pki/dovecot/vbirddovecot.pem <== lines 12, 13 become these
    ssl_key =  </etc/pki/dovecot/vbirddovecot.pem
    
    [root@www certs]# vim /etc/dovecot/conf.d/10-master.conf
      inet_listener imap {
        port = 0     <== change line 15 to this
      }
      inet_listener pop3 {
        port = 0     <== change line 36 to this
      }
    
    # 4. Also set the extra mail_location value! Very important, otherwise retrieving mail will fail:
    [root@www certs]# vim /etc/dovecot/conf.d/10-mail.conf
    mail_location = mbox:~/mail:INBOX=/var/mail/%u <== line 30 becomes this
    
    # 5. Restart dovecot and check how the ports have changed:
    [root@www certs]# /etc/init.d/dovecot restart
    [root@www certs]# netstat -tlnp | grep dovecot
    Proto Recv-Q Send-Q Local Address  Foreign Address   State    PID/Program name
    tcp        0      0 :::993         :::*              LISTEN   14527/dovecot
    tcp        0      0 :::995         :::*              LISTEN   14527/dovecot
    

    The 993 you see at the end is imaps and 995 is pop3s! From now on, the account and password you enter when retrieving mail are no longer exposed to eavesdropping, since the data is encrypted! Simple, isn't it?


    22.3.3 Firewall settings

    ]WmߤAڭ̱N pop3/imap }A茦ӥ} pop3s/imaps FA]Űʪf|@ˡI Ш̾ڱzڪרҨӳ]wAһݭn~nCڭ̳o̥DnO} 993, 995 ӰfI BzkP 22.2.9 SG

    [root@www ~]# vim /usr/local/virus/iptables/iptables.rule
    # Around line 180, add the two lines below!
    iptables -A INPUT -p TCP -i $EXTIF --dport 993  --sport 1024:65534 -j ACCEPT
    iptables -A INPUT -p TCP -i $EXTIF --dport 995  --sport 1024:65534 -j ACCEPT
    
    [root@www ~]# /usr/local/virus/iptables/iptables.rule
    

    pGA pop3/imap ROMw[KܡAбNW 993/995 令 143/110 YiI


    22.4 MUA software: client-side mail programs

    ]w Mail server OӦnݪASMOnnnRΥLoIR mail server RDn覡AAiH^nJ Linux DEӾާ@ MTA ASM]iHzLΤݪ MUA nӦoHAUڭ̤OoR覡oI


    22.4.1 mail on Linux

    b Unix like @~tS|s@iHi榬oH󪺳nANOy mail zoӫOCoӫOO mailx oӳnҴѪAҥHzonwUoӳn~Ct~Aѩ mail O Linux t\AҥHYϧA port 25 (smtp) SŰʡALROiHϥΪAuOMʶlNu|QCAӵLkHXhoI^_^IUڭ̨ӽͤ@ͳ̔x mail Ϊka


    • mail ^srlPHH

    mail Ϊk̔xANOQΡy mail [email address] z覡ӱNHHXhA [email address] iHO~l}A]iHOEbCpGOEbܡAiH^[bW٧YiC ҦpGy mail root zΡy mail somebody@his.host.name zCpGO~HHɭԡA Hw]y Mail from zN|g main.cf myorigin ӋDEWoI ӄݬݧaIH dmtsai@www.centos.vbird G

    [root@www ~]# mail dmtsai@www.centos.vbird
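    Subject: Just test        <== type the subject here
    This is a test email.     <== the message body starts here
    bye bye !
    .                         <== note: a line containing only a period ends the input
    

    That sends the message. Early mail servers also accepted mail addressed by IP, for example: mail dmtsai@[192.168.100.254]. Remember to put the IP in square brackets. Because of spam, however, mail addressed this way can hardly ever be delivered today.


    • Sending a prepared plain-text file as a message

    This is not the same as attaching a file. Editing a message inside the mail program is painful: you cannot use the arrow keys to go back and fix a mistake. Instead, we can feed the message through standard input. If you have forgotten what < means, go back to the data-stream redirection section of chapter 11 (bash shell) in the basics book. For example, to send the .bashrc in your home directory to someone else: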

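    [root@www ~]# mail -s 'My bashrc' dmtsai < ~/.bashrc
    

    • Reading received mail

    Sending is the easy part. What about reading? That is done with mail as well. When you type mail at the prompt, it opens the user's mailbox under /var/spool/mail. For example, when the dmtsai account runs mail, the contents of /var/spool/mail/dmtsai are read and shown on screen, like this:

    # Note: the commands below are run as the user dmtsai.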
    [dmtsai@www ~]$ mail
    Heirloom Mail version 12.4 7/29/08.  Type ? for help.
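    "/var/spool/mail/dmtsai": 10 messages 10 new <== the mailbox file and the number of new messages
    >N  1 dmtsai@www.centos.vb  Mon Aug  8 18:53  18/579   "from vbird"
    ....(omitted)....
     N  9 root                  Tue Aug  9 15:04  19/618   "Just test"
     N 10 root                  Tue Aug  9 15:04  29/745   "My bashrc"
    &  <== this is the prompt of the mail program; type ? to list the available commands
    

    The screen above shows dmtsai's mail, with the sender, subject and time received for each message. These are the commands you can use:

    • Read a message: (press Enter, or type a number and then Enter)
      See the ">" symbol in the listing above? It marks the current position in the mailbox. Press Enter to read that message. You can also type a message number at the "&" prompt to read that message. (Note: if you keep pressing Enter, mail reads one message after another, starting from the one marked with ">".)

    • Show headers: (type h, or h followed by a number)
      For example, if there are 100 messages and you want to see the subjects around message 90, type "h90".

    • Reply: (type R)
      To reply to the message marked with ">", press "R". You enter the text editing screen of mail described earlier, where you can write the reply and send it back.

    • Delete: (type d followed by a number)
      Type "d##" to delete a message. For example, "d2" deletes message 2, and "d10-50" deletes messages 10 through 50. Remember that if you delete messages you must leave the mailbox with "q".

    • Save a message to a file: (type s, a number and a file name)
      To save a message, type "s ## filename". For example, to save message 10 above, type "s 10 text.txt" and the content of that message is saved to the file text.txt.

    • Leave mail: (type q or x)
      You can leave mail with q or x. Note that x leaves the program without changing the mailbox, whether or not you used d to delete anything, while q is what actually removes deleted messages. In other words, leave with x or exit if you do not want the mailbox changed, and with q if you want the deletions to take effect.

    • Help:
      For more details on mail, type help to list all the functions available.

    That is the basic mail reading function. But if a message was saved to a file earlier, how do you read it back? For instance, to read the text.txt mailbox file saved above, simply do this: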

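    [dmtsai@www ~]$ mail -f ~/text.txt
    

    • Sending mail with an attachment

    Everything so far was about the message body. Can a file be sent as an attachment? Yes, with the help of the uuencode command. On CentOS it belongs to the sharutils package, so install that with yum first. Then use it like this:

    [root@www ~]# [encode with uuencode] | [send with mail]
    [root@www ~]# uuencode [actual file] [file name shown in the message] | mail -s 'subject' email
    
    # 1. Send /etc/hosts to dmtsai as an attachment
    [root@www ~]# uuencode /etc/hosts myhosts | mail -s 'test encode' dmtsai
    

    That sends it. What about the receiving side? There we need a decoder. Save the message to a file first, then do this:

    # The commands below are run as the user dmtsai.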
    [dmtsai@www ~]$ mail
    Heirloom Mail version 12.4 7/29/08.  Type ? for help.
    "/var/spool/mail/dmtsai": 11 messages 1 new 8 unread
        1 dmtsai@www.centos.vb  Mon Aug  8 18:53  19/590   "from vbird"
    ....(omitted)....
     U 10 root                  Tue Aug  9 15:04  30/755   "My bashrc"
    >N 11 root                  Tue Aug  9 15:12  29/1121  "test encode"
    & s 11 test_encode
    "test_encode" [New file] 31/1141
    & exit
    
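    [dmtsai@www ~]$ uudecode test_encode -o decode
                                 [encoded file]  [output file]
    [dmtsai@www ~]$ ll *code*
    -rw-r--r--. 1 dmtsai dmtsai  380 Aug  9 15:15 decode      <== the correctly decoded data
    -rw-rw-r--. 1 dmtsai dmtsai 1121 Aug  9 15:13 test_encode <== the saved message; its body is encoded gibberish
    

    The mail command is not exactly pleasant to use, but at least it gives us a simple way to send and receive mail in Linux text mode. There is now a better alternative, though: mutt.


    22.4.2 mutt on Linux

    Besides doing what the mail command does, mutt can also read remote mail over protocols such as pop3/imap, which makes it a very capable tool. Let's try it out. Before starting, install it with yum install mutt.


    • Sending mail directly with mutt, including quick attachments

    mutt has many features. Let's look at its basic syntax first and then practise.

    [root@www ~]# mutt [-a attachment] [-i body-file] [-b bcc] [-c cc] \
    >  [-s subject] email-address
    Options and arguments:
    -a attachment: the file you want to send along. It is an attached file, not the message body.
    -i body-file: the body of the message, written to a file beforehand.
    -b bcc: the original recipient does not know the message is also sent to this blind-copy recipient.
    -c cc: the original recipient can see which other recipient the message is sent to.
    -s subject: does this need explaining? It is the subject of the message.
    email-address: the address of the original recipient.
    
    # 1. Write a message interactively and send it to the user dmtsai@www.centos.vbird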
    [root@www ~]# mutt -s '@ʴH' dmtsai@www.centos.vbird
    /root/Mail sbCإ߶ܡH ([yes]/no): y  <==Ĥ@Τ~|X{oӰT
    To: dmtsai@www.centos.vbird
    Subject: @ʴH
    HKggIHKݬݡI  <==|iJ vi esIܴΡI
    
    y:HX  q:_  t:To  c:CC  s:Subj  a:[ɮ  d:ԭz  ?:DU <==U y HX
        From: root <root@www.centos.vbird>
          To: dmtsai@www.centos.vbird
          Cc:
         Bcc:
     Subject: @ʴH
    Reply-To:
         Fcc: ~/sent
    Security: M
    
    -- 
    - I     1 /tmp/mutt-www-2784-0      [text/plain, 8bit, utf-8, 0.1K]
    
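    # 2. Send /etc/hosts as the message body to the user dmtsai@www.centos.vbird
    [root@www ~]# mutt -s 'hosts' -i /etc/hosts dmtsai@www.centos.vbird
    # Remember to type :wq in vim at the end to save and send.
    

    Unlike mail, where you type the text at the prompt, mutt calls vi to let you edit the message, so there is no need to prepare the body in advance. That is a real pleasure, and the whole screen is very intuitive and easy to handle. What if you need an attachment, in particular a binary program? Do it like this:

    # 1. Send /usr/bin/passwd as an attachment to the user dmtsai@www.centos.vbird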
    [root@www ~]# mutt -s '' -a /usr/bin/passwd -- dmtsai@www.centos.vbird
    To: dmtsai@www.centos.vbird
    Subject: 
    LOӪI
    
    y:HX  q:_  t:To  c:CC  s:Subj  a:[ɮ  d:ԭz  ?:DU  <== y eX
        From: root <root@www.centos.vbird>
          To: dmtsai@www.centos.vbird
          Cc:
         Bcc:
     Subject: 
    Reply-To:
         Fcc: ~/sent
    Security: M
    
    -- 
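    - I   1 /tmp/mutt-www-2839-0       [text/plain, 8bit, utf-8, 0.1K] <== message body
      A   2 /usr/bin/passwd          [applica/octet-stre, base64, 31K] <== attachment
    

    See the last two lines above? I marks data that is part of the message itself, while A marks an attached file. There are two things to watch out for when attaching files with mutt:

    • The "-a filename" option must come last on the command line. If the command above is rewritten as "mutt -a /usr/bin/passwd -s "" ...", it does not work and fails.
    • Two consecutive minus signs "--" are required between the file name and the email address, exactly as in the test command above.


    • Reading mailboxes over different protocols with mutt

    Compared with mail, mutt can read mail directly over network protocols such as pop3 and imap, which is an excellent feature. VBird at least finds it very handy. As before, let's look at the syntax first and then at some exercises.

    [root@www ~]# mutt [-f mailbox-location]
    Options and arguments:
    -f mailbox-location: for an imaps mailbox, use it like this: "-f imaps://server-IP"
    
    # 1. Read the local mailbox directly as the user dmtsai: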
    [dmtsai@www ~]$ mutt
    q:m}  d:R  u:ϧR  s:xs  m:H  r:^  g:sœ  ?:DU                
    ....(ٲ)....
      11 O + Aug 09 root            (  12) test encode
      12 O + Aug 09 root            (   1) @ʴH
      13 O + Aug 09 root            (   8) hosts
      14 O + Aug 09 root            ( 604)                                      
    
    ---Mutt: /var/spool/mail/dmtsai [Msgs:14 Old:11 74K]---(date/date)-------(all)--
    
    # 2. Continuing from above: highlight message 14 and press Enter to get the following screen:
    i:m}  -:W@  <Space>:U@ v:ܪC  d:R  r:^  j:U@ ?:DU  
    Date: Tue, 9 Aug 2011 15:24:34 +0800
    From: root <root@www.centos.vbird>
    To: dmtsai@www.centos.vbird
    Subject: 
    User-Agent: Mutt/1.5.20 (2009-12-10)
    
    [--  #1 --]
    [-- RGtextplainAsXG8bitAjpG0.1K --]
    
    LOӪI          <==H󪺤
    
    
    [--  #2: passwd --]     <==H󪺪󧨱a
    [-- RGapplicationoctet-streamAsXGbase64AjpG41K --]
    
    [-- application/octet-stream |䴩 ] 'v' ܳo^ --]
    
    -O +- 14/14: root                                                   -- (all)
    
    # 3. Continuing from above: press v on that screen to list the attachments:
    q:m}  s:xs  |:޽u  p:  ?:DU
      I     1 <no description>                        [text/plain, 8bit, utf-8, 0.1K]
      A     2 passwd                                [applica/octet-stre, base64, 41K]
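    # Press s on the highlighted entry to save the attached file.
    

    To leave, keep pressing q and follow the messages that appear. That is how local mail is read; it is very simple, and saving attachments is easy too. What about a remote mailbox? For example, what happens if I, as root, fetch dmtsai's mail over imaps?

    # 1. On the server, the mail group must be able to use dmtsai's home directory, so do this:
    [dmtsai@www ~]$ chmod a+x ~
    
    # 2. Log in to the imaps server from the client to get dmtsai's new mail and mail folders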
    [root@www ~]# mutt -f imaps://www.centos.vbird
    q:m}  ?:DU                                                            
    oӇՙݩG
       www.centos.vbird  dmtsai@www.centos.vbird
       KSU
       DIC
       Tainan  Taiwan  TW
    
    oӇՙo̡G
       www.centos.vbird  dmtsai@www.centos.vbird
       KSU
       DIC
       Tainan  Taiwan  TW
    
    oӇՙ
        Tue, 9 Aug 2011 06:45:32 UTC
          Wed, 8 Aug 2012 06:45:32 UTC
    SHA1 Fingerprint: E86B 5364 2371 CD28 735C 9018 533F 4BC0 9166 FD03
    MD5 Fingerprint: 54F5 CA4E 86E1 63CD 25A9 707E B76F 5B52
    
    -- Mutt: SSL Certificate check (certificate 1 of 1 in chain)              
    (1)^A(2)uOo^A(3)íh^ <==o̭ng 2  3 ~I
    b www.centos.vbird ϥΪ̦W١Gdmtsai
    dmtsai@www.centos.vbird KXG
    

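    Once the password is entered correctly, you see the same messages we looked at a moment ago. Note that if the user's home directory is not in the standard location, SELinux errors may appear, and you then have to correct the type of the SELinux security context. With that, we can read a network mailbox directly in text mode, which is really convenient. It just has no graphical interface. ^_^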


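    22.4.3 Thunderbird: a useful cross-platform (Windows/Linux X) program

    One of the biggest advantages of free software is that most of it is portable, that is, the same program runs on almost any operating system. So learning free software means you do not have to learn a different working environment just because you switch operating systems. There is free software among the MUAs too: Thunderbird, released by the Mozilla foundation. A Traditional Chinese build can be found at the address below:

    Since Windows is still the operating system most users run, the description below is mainly about installation and configuration on Windows 7. At the time of writing (2011/08) the latest Thunderbird is 5.x, so VBird uses the Traditional Chinese 5.x build as the example. The installation after download is skipped here because it is just a series of "Next" clicks. VBird jumps straight to the first launch of Thunderbird and hopes that helps. The account dmtsai@www.centos.vbird is used as the example. On first launch the following appears:

    Figure 22.4-1: Thunderbird on first launch

    Because this is the first launch, Thunderbird has no identity data yet. Fill in what you want other people to see in your email, together with the account and password used to log in to the remote mailbox. In the figure above VBird has filled in a display name; the Email field is what recipients see, and the password is of course known only to you. After filling in the form, click to continue.

    Figure 22.4-2: Thunderbird trying to log in to the server with the user's information

    Because the account and password were entered in Figure 22.4-1, in this step Thunderbird tries to log in to the remote mailbox with that information on its own. It looks as if the values it detected directly are wrong, though. If they are wrong, correct the host name pointed to by arrow 1 and the protocol-related settings, click to detect again, make sure the detected data is correct, and then click to create the account or open the advanced settings (where arrow 4 points). If you are curious about the advanced settings, click where arrow 4 points and the following appears:

    Figure 22.4-3: Editing the account parameters by hand

    As the figure shows, select the server settings item and check whether the incoming server settings are correct. If they are, click OK. The next dialog asks whether Thunderbird should be the default program for sending and receiving email. Click OK to go on to the next step.

    Figure 22.4-4: Setting the default MUA

    Thunderbird now tries to log in to the imaps service of the remote server with the account and password you entered, so the certificate dialog shown below appears. Confirm that the certificate is to be stored permanently. That is all.

    Figure 22.4-5: Obtaining the certificate

    If the certificate is OK and the account and password are OK, you can start using Thunderbird. In normal use it looks something like this:

    Figure 22.4-6: Thunderbird in normal operation

    If everything succeeded, you should see a screen like the one above. Click the message with the attachment that we looked at earlier and check its content: both the body and the attachment come through fine. Better still, because the protocol is imaps, what Thunderbird shows is kept in sync with the mailbox /var/spool/mail/dmtsai on the server, unlike POP3, which deletes messages once they are downloaded. A really nice program. ^_^

    Tips:
    To be honest, because free mail services such as gmail are so popular, hardly anyone installs even the free Openwebmail any more. The students VBird sees in class almost all use web MUAs such as gmail, yahoo mail or hotmail, and nobody uses a local MUA. Still, there are times when old messages have to be pulled down from a web mail service, and that is when Thunderbird comes in handy. ^_^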

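    22.5 Advanced mail server settings

    Today the main problem in mail attacks is no longer viruses and trojans; most junk mail is phishing and pornographic advertising. Phishing works because of users' curiosity and poor habits, which is hard to deal with. Pornographic advertising is impossible to keep out completely: you come up with a filter and the sender switches to another method. And a strict filter may block normal mail, which is deadly. So it is still better to ask users to delete such mail themselves. For that reason, in this section VBird has removed the virus scanning and self-learning advertisement filtering described in the previous edition. If you still need them, please look them up on the official sites. Sorry about that.

    What follows is mainly about how postfix filters the mail it accepts and about the Relay process of sending mail onward. In the postfix configuration these two processes are governed by a few important items:

    • smtpd_recipient_restrictions: recipient means the receiver. This setting mainly governs "mail accepted by this host", so most of its entries deal with mail filtering and with whether the mail is trusted. The source can be an MTA or an MUA.

    • smtpd_client_restrictions: client means the client end, so this mainly governs whether the connecting client is trusted. It can refuse mail from non-standard mail servers. The source is of course an MUA.

    • smtpd_sender_restrictions: sender means the sending party. It can analyse and filter on where the mail comes from (the other side's mail server). In theory the source is an MTA.


    22.5.1 Mail filtering, part 1: blocking spam from non-standard mail servers with postgrey

    Much spam is sent through zombie computers (hosts that are used as a springboard while their administrators have not noticed or not dealt with it). Mail sent by these zombies has one very obvious trait: the sender tries to deliver each message only once, and whether or not that succeeds, the message counts as sent and is removed from the queue. A legitimate mail server, on the other hand, works as analysed in 22.2.8: a message that cannot be delivered stays in the queue for a while and delivery is retried again and again; by default it is only returned if it still cannot be delivered after five days.

    The greylisting software postgrey was developed from this difference between legitimate and illegitimate mail servers. The following notes explain it:

    Basically the main job of postgrey is to record where mail comes from. When a source sends a given message for the first time, postgrey refuses it by default and records the source address. If the same message arrives again after about 5 minutes, it is accepted. This shuts out illegitimate mail servers that send only once. ^_^ For hosts you know to be legitimate you can open a so-called whitelist so that they pass first without being held back. So this is how it proceeds (see http://projects.puremagic.com/greylisting/whitepaper.html):

    1. Check whether the sending source is on the whitelist; if so, let the mail pass.
    2. Check whether the recipient is on the whitelist; if so, let the mail pass.
    3. Check whether this message has already been recorded. The decision is made as follows:
      • If there is no record of this message, record the sending address and turn the message back.
      • If there is a record of this message but the recorded time is not yet older than the configured delay (5 minutes by default), turn the message back again.
      • If there is a record of this message and the recorded time is older than the configured delay, let the mail pass.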
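The three checks above can be written down compactly. The following is an added example, not postgrey's own code: a small policy object that answers Postfix policy-delegation requests (the name=value protocol behind check_policy_service). It assumes records are keyed on the client address, sender and recipient, as in the whitepaper cited above; the class and method names are made up for this sketch.

```python
import time


class Greylist:
    """Minimal greylisting policy following the three checks listed above."""

    def __init__(self, delay=300, whitelist_clients=(), whitelist_recipients=(),
                 clock=time.time):
        self.delay = delay                      # seconds, like postgrey --delay
        self.whitelist_clients = {c.lower() for c in whitelist_clients}
        self.whitelist_recipients = {r.lower() for r in whitelist_recipients}
        self.clock = clock                      # injectable, so tests need no sleep
        self.first_seen = {}                    # triplet -> time of first attempt

    def decide(self, client_name, client_address, sender, recipient):
        # 1. Whitelisted sending hosts pass immediately.
        if (client_name.lower() in self.whitelist_clients
                or client_address in self.whitelist_clients):
            return "DUNNO"
        # 2. Whitelisted recipients pass immediately.
        if recipient.lower() in self.whitelist_recipients:
            return "DUNNO"
        # 3. Otherwise look this delivery attempt up in the record.
        triplet = (client_address, sender.lower(), recipient.lower())
        now = self.clock()
        first = self.first_seen.get(triplet)
        if first is None:
            self.first_seen[triplet] = now      # first attempt: record and defer
            return "DEFER_IF_PERMIT Greylisted"
        if now - first < self.delay:            # retried too early: defer again
            return "DEFER_IF_PERMIT Greylisted"
        return "DUNNO"                          # retried after the delay: pass

    def handle_request(self, request_text):
        """Answer one policy request: name=value lines ended by an empty line."""
        attrs = {}
        for line in request_text.splitlines():
            if not line:
                break
            name, _, value = line.partition("=")
            attrs[name] = value
        if attrs.get("request") != "smtpd_access_policy":
            return "action=DUNNO\n\n"
        action = self.decide(attrs.get("client_name", ""),
                             attrs.get("client_address", ""),
                             attrs.get("sender", ""),
                             attrs.get("recipient", ""))
        return "action=%s\n\n" % action


# Constructed request, shaped like what smtpd sends to a policy service.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=192.168.100.30\n"
    "client_name=vbirdwin7\n"
    "sender=dmtsai@www.centos.vbird\n"
    "recipient=dmtsai@www.centos.vbird\n"
    "\n"
)

if __name__ == "__main__":
    now = [0]
    greylist = Greylist(delay=60, clock=lambda: now[0])
    print(greylist.handle_request(SAMPLE_REQUEST).strip())   # first attempt
    now[0] = 61
    print(greylist.handle_request(SAMPLE_REQUEST).strip())   # retry after the delay
```

DUNNO tells Postfix to go on to the next restriction, while DEFER_IF_PERMIT produces the temporary 450 reply that a legitimate MTA retries and a send-once spam source does not.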

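    Put simply, that is the whole process. To give postgrey its "recording" ability quickly, however, a database system is once again unavoidable. postgrey is also written in perl, so you may need to add a good number of perl modules it depends on. In short, you need at least the following software:

    • BerkeleyDB: the db4, db4-utils and db4-devel packages.
    • Perl: yum install perl is enough.
    • Perl modules: perl-Net-DNS is provided by CentOS itself; anything that is not can be searched for and downloaded at http://rpmfind.net/.


    • Installation procedure:

    The CentOS site already provides a link where all the online yum installation methods can be found. You can refer to:

    VBird assumes you have downloaded the package http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm and placed it under /root. Then do this: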

    [root@www ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
    [root@www ~]# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
    [root@www ~]# yum install postgrey
    

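    The steps above install the digital signature key file, set up the yum configuration file, and finally install postgrey over the network. The whole procedure could hardly be simpler. The important part is to find and install the yum configuration package that suits your system.


    • Starting and configuring:

    Because postgrey is a separate piece of software, we have to start it as a service of its own. postgrey is also a local socket service rather than a network service: it is offered only to the local postfix as a plug-in, so you do not observe it by looking for TCP/UDP connections. Let's look at how it is started and observed: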

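    [root@www ~]# /etc/init.d/postgrey start
    [root@www ~]# chkconfig postgrey on
    [root@www ~]# netstat -anlp | grep postgrey
    Active UNIX domain sockets (servers and established)
    Proto RefCnt Type    State      PID/Program  Path
    unix  2      STREAM  LISTENING  17823/socket /var/spool/postfix/postgrey/socket
    

    The most important item in the output above is the path. /var/spool/postfix/postgrey/socket is used to exchange data between the two programs, and it is the interface through which our postfix hands mail to postgrey for processing. With this information in hand we can start editing the postfix main.cf:

    [root@www ~]# vim /etc/postfix/main.cf
    # 1. Change the postfix main configuration file main.cf:
    # Normally smtpd_recipient_restrictions has to be added by hand to change the defaults:
    smtpd_recipient_restrictions =
       permit_mynetworks,               <== default; allow sources listed in mynetworks
       reject_unknown_sender_domain,    <== reject unknown sender domains (restricts the source MTA)
       reject_unknown_recipient_domain, <== reject unknown recipient domains (restricts the destination MTA)
       reject_unauth_destination,       <== default; reject untrusted destinations
       check_policy_service unix:/var/spool/postfix/postgrey/socket
    # The important part is the last line: it tells postfix to reach postgrey over the unix socket.
    # We will add a few more anti-spam checks later; it is strongly suggested to keep this
    # postgrey entry at the very end, because it is effectively our last check.
    
    # 2. Change the number of seconds postgrey holds mail back; 60 seconds instead of the original 300 (five minutes) is suggested:
    [root@www ~]# vim /etc/sysconfig/postgrey  <== does not exist by default; create it by hand
    OPTIONS="--unix=/var/spool/postfix/postgrey/socket --delay=60"
    # The important part is --delay, the number of seconds to hold mail back. The default is 300; here we wait 60.
    
    [root@www ~]# /etc/init.d/postfix restart
    [root@www ~]# /etc/init.d/postgrey restart
    

    Experience has shown that waiting 5 minutes sometimes causes some normal mail servers to be refused for a long time, which is a problem for urgent mail. The CentOS site therefore also suggests a smaller value, for example 60 seconds. Abnormal mail is refused on its first delivery attempt anyway, so how long the wait is does not seem to matter that much. Next, the postfix defaults only allow the local settings (permit_mynetworks) and reject untrusted destinations (reject_unauth_destination). From experience VBird first adds rejection of mail whose sender (MTA) domain is unknown and of mail whose recipient domain is unknown, which also cuts down a pile of unidentified advertising mail. Only at the end is the postgrey analysis added.

    Note that the entries in smtpd_recipient_restrictions are evaluated in order. In the flow above, mail from a trusted user is accepted or relayed right away; then unknown sources and destinations are rejected, and untrusted destinations are rejected too. Only after all of that does normal mail go through the postgrey mechanism. This alone already defeats a lot of advertising mail. Now let's test whether postgrey works: send a message to this host from outside, for example to dmtsai@www.centos.vbird, and then look at /var/log/maillog: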

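    Aug 10 02:15:44 www postfix/smtpd[18041]: NOQUEUE: reject: RCPT from vbirdwin7[192.168.100.30]: 450 4.2.0 <dmtsai@www.centos.vbird>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/www.centos.vbird.html; from=<dmtsai@www.centos.vbird> to=<dmtsai@www.centos.vbird> proto=ESMTP helo=<[192.168.100.30]>

    VBird removed permit_mynetworks before running this test and put it back afterwards; that is the only way to see the entry above. It shows that postgrey is working, and the record for the source host has been written under the /var/spool/postfix/postgrey/ directory. From now on your postfix can use postgrey to keep out a good share of inexplicable advertising mail.


    • Setting up a whitelist that is not held back:

    postgrey has a drawback too. Because by default it turns mail back first, your mail may be delayed, by anything from a few minutes to a few hours depending on how the sending MTA is configured. If you want certain trusted mail hosts to skip the postgrey check, you have to open a whitelist.

    Opening the whitelist is simple: just edit the file /etc/postfix/postgrey_whitelist_clients. Suppose you want VBird's mail server to be able to send mail to your MTA freely; then add a line to this file: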

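    [root@www ~]# vim /etc/postfix/postgrey_whitelist_clients
    mail.vbird.idv.tw
    www.centos.vbird
    # Write the host names into the file.
    
    [root@www ~]# /etc/init.d/postgrey restart
    

    If you have more MTA servers you trust, write them into this file as well and they will skip the postgrey analysis. More advanced uses are left for you to explore. ^_^


    22.5.2 Mail filtering, part 2: blocking with blacklists

    Remember the Open Relay problem discussed in 22.1.5? Your MTA must never become an Open Relay, or the effect on your domain and your reputation will be severe. In general any mail MTA that is an Open Relay ends up on a blacklist, for example the academic network blacklist in Taiwan and the blacklist databases offered on the Internet:

    Since the mail servers in a blacklist database are themselves problematic hosts, when a blacklisted host wants to connect to my mail server I can reasonably suspect that the mail is a problem. So mail that comes from a blacklisted host, or is to be sent to one, is best not accepted.

    You could of course visit those sites and add the listed hosts to your own mail server's blocking rules by hand, but that is not very friendly. Since blacklist databases are already provided on the Internet, we can use them for blocking. Before deciding whether to relay, we have postfix consult the blacklist database, and if the IP or host name in question is on the blacklist we reject the mail.

    Setting up the blacklist check in Postfix is really simple. This is all you need: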

    [root@www ~]# vim /etc/postfix/main.cf
    smtpd_recipient_restrictions =
       permit_mynetworks,
       reject_unknown_sender_domain,
       reject_unknown_recipient_domain,
       reject_unauth_destination,
       reject_rbl_client cbl.abuseat.org,
       reject_rbl_client bl.spamcop.net,
       reject_rbl_client cblless.anti-spam.org.cn,
       reject_rbl_client sbl-xbl.spamhaus.org,
       check_policy_service unix:/var/spool/postfix/postgrey/socket
    # Mind the order of the whole setting: the blacklist check comes before postgrey.
    
    smtpd_client_restrictions =
         check_client_access hash:/etc/postfix/access,
         reject_rbl_client cbl.abuseat.org,
         reject_rbl_client bl.spamcop.net,
         reject_rbl_client cblless.anti-spam.org.cn,
         reject_rbl_client sbl-xbl.spamhaus.org
    # This setting concerns the client: reject clients that are themselves on a blacklist.
    
    smtpd_sender_restrictions = reject_non_fqdn_sender,
       reject_unknown_sender_domain
    # This item blocks unknown sender host domains; it depends on DNS.
    
    [root@www ~]# /etc/init.d/postfix restart
    

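    The "reject_rbl_client" keyword in the listing above is a postfix setting; it is followed by a blacklist provided on the Internet. Be aware that these blacklist databases change over time. Check each database with dig to see whether it really exists, and only configure it on your host if it does. (Many of the blacklist databases given in documents found on the Internet no longer seem to be in service.)


    • Checking whether your own mail server is on a blacklist

    Since the blacklist databases record unwelcome source and destination MTAs, your own MTA had better not be in them. These databases usually offer a lookup function, so you can use it to check whether your host "has a record". You can proceed as follows:

    1. Is it already in a blacklist database:
      Checking is simple: go to "http://cbl.abuseat.org/lookup.cgi", enter your host name or IP, and you can see whether it is already on the blacklist.

    2. Is it an Open Relay:
      To test whether your host is an Open Relay, go to the page "http://rs.edu.tw/tanet/spam.html". At the bottom of that page you can enter your IP to have it checked. Take care not to use somebody else's mail server IP. The site then sends a test mail to see whether your mail server relays it on its own, and reports the result to you. Note that the returned page may have an encoding problem; if it shows garbled characters, switch the encoding to big5.

    3. How to get removed:
      If the check shows that your host is already on a blacklist, turn off the Open Relay function immediately and fix your Mail Server. After that you may still have to request removal at each of the main Open Relay sites. On the academic network, contact the administrator of your organisation. The common blacklist databases usually remove you on their own, though only after some period of testing.

    In short, make sure you are not on a blacklist, and preferably reject sources that are. Done. ^_^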
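The dig check on each reject_rbl_client zone, and the "is my own server listed" check, both come down to the same DNS lookup. The following is an added example, not part of the original page: it builds the reversed-address query name a blacklist lookup uses and self-tests each zone with the two fixed entries from RFC 5782 (127.0.0.2 must be listed, 127.0.0.1 must not). The zone names in the sample and the fake resolver are constructed so that the code runs offline.

```python
import ipaddress
import re
import socket


def rbl_zones(main_cf_text):
    """Return the zones named by reject_rbl_client, in order, without duplicates."""
    zones = []
    for zone in re.findall(r"reject_rbl_client\s+([A-Za-z0-9.-]+)", main_cf_text):
        zone = zone.rstrip(".").lower()
        if zone not in zones:
            zones.append(zone)
    return zones


def query_name(ip, zone):
    """Blacklist convention: reverse the address and append the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")[::-1]
    else:
        labels = list(addr.exploded.replace(":", ""))[::-1]   # one label per nibble
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """A records from the system resolver; no answer means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def is_listed(ip, zone, resolve=system_resolver):
    # Listed addresses answer with a value inside 127.0.0.0/8.
    return any(a.startswith("127.") for a in resolve(query_name(ip, zone)))


def zone_status(zone, resolve=system_resolver):
    """Self-test a zone before trusting it in main.cf."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"    # wildcarded or retired zone: would reject all mail
    if not is_listed("127.0.0.2", zone, resolve):
        return "no-answer"           # zone gone or unreachable: the check does nothing
    return "ok"


def audit(main_cf_text, my_ip, resolve=system_resolver):
    """Status of every configured zone, and whether my_ip is listed on the usable ones."""
    report = {}
    for zone in rbl_zones(main_cf_text):
        status = zone_status(zone, resolve)
        report[zone] = {
            "status": status,
            "my_ip_listed": status == "ok" and is_listed(my_ip, zone, resolve),
        }
    return report


# Constructed sample: three made-up zones and a fake resolver.
SAMPLE_MAIN_CF = """smtpd_recipient_restrictions =
   permit_mynetworks,
   reject_unauth_destination,
   reject_rbl_client good.rbl.example,
   reject_rbl_client dead.rbl.example,
   reject_rbl_client wildcard.rbl.example,
   check_policy_service unix:/var/spool/postfix/postgrey/socket
"""


def fake_resolver(name):
    if name.endswith(".wildcard.rbl.example"):
        return ["127.0.0.2"]                       # answers for every name
    table = {
        "2.0.0.127.good.rbl.example": ["127.0.0.2"],
        "10.113.0.203.good.rbl.example": ["127.0.0.4"],
    }
    return table.get(name, [])


if __name__ == "__main__":
    for zone, result in audit(SAMPLE_MAIN_CF, "203.0.113.10", fake_resolver).items():
        print(zone, result)
```

Run against a real main.cf, `audit(open("/etc/postfix/main.cf").read(), "your.public.ip")` uses the system resolver; a zone reported as lists-everything should be removed before it rejects all incoming mail.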


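    22.5.3 Mail filtering, part 3: basic content filtering

    In the course of delivering a message, once the client has passed all the restrictions of the host, the message finally reaches the mail queue. From the queue it is either sent out or delivered straight to a mailbox, and that is the job of the MDA. Many mechanisms can be hooked into the MDA. In particular it can filter out advertising or virus mail containing certain keywords. By analysing the whole message (both headers and body) the MDA can pick out problematic keywords and then decide the fate of the message.

    Our postfix already has a built-in filter that can analyse headers or body: the two files header_checks and body_checks under the /etc/postfix/ directory. By default postfix does not use these two files; you have to enable them with the following settings: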

    [root@www ~]# vim /etc/postfix/main.cf
    header_checks = regexp:/etc/postfix/header_checks
    body_checks = regexp:/etc/postfix/body_checks
    # regexp means "use regular expressions".
    
    [root@www ~]# touch /etc/postfix/header_checks
    [root@www ~]# touch /etc/postfix/body_checks
    [root@www ~]# /etc/init.d/postfix restart
    

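    Next you have to write the rules in header_checks and body_checks yourself. Before you do, make sure you are familiar with regular expressions, because a great deal has to be expressed through them. The rules for writing the files are:

    • Any line starting with # is a comment and is skipped by the system.
    • With the default rules, upper and lower case are treated as the same.
    • A rule is written as follows:
      /pattern/   action   message shown in the log file
      Note that the pattern must be enclosed in two slashes "/". As an example, suppose I want to (1) block mail whose subject is A funny game and (2) have drop header deny shown in the log file. Then I can write this in the header_checks file:
      /^Subject:.*A funny game/   DISCARD  drop header deny
    • The following actions are available:
      • REJECT: return the message to the original sender.
      • WARN: accept the message, but record its basic data in the log file.
      • DISCARD: throw the message away without giving the original sender any response.

    VBird has written some matching rules of his own, but performance is not good. If you are interested you can download them and have a look, but judge the consequences of using them for yourself, because everyone's environment is different.

    Remember: after editing these two files yourself, be sure to check the syntax.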

    [root@www ~]# postmap -q - regexp:/etc/postfix/body_checks \
    >  < /etc/postfix/body_checks
    

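    If no error appears, your settings should be fine. You can also use the small filtering program procmail for this. VBird finds, however, that on a large mail host procmail's analysis is too complicated and consumes a lot of CPU, so he stopped using it.


    22.5.4 Relay for untrusted sources: enabling SMTP authentication

    In the flow of Figure 22.1-1, when an MUA sends mail through the MTA (that is, when a Relay takes place), the MTA in theory has to open itself to trusted client sources. That is why we had to set smtpd_recipient_restrictions in main.cf (mynetworks). But there are times when this is inconvenient. For example, if your client is on an ADSL line whose address is assigned dynamically, the IP it gets is different every time. How do you let such a user use your MTA? Troublesome, isn't it? This is where SMTP authentication may help.

    What is SMTP authentication? It means that an account and password have to be entered before port 25 (the SMTP protocol) of the MTA can be used. With this function you no longer need to configure trusted clients on the MTA. In the environment of this chapter, for instance, you would not have to set mynetworks at all: enable SMTP authentication and users have to enter their account and password before they can relay. How does SMTP get authentication support? CentOS already provides a built-in authentication module in the form of the Cyrus SASL software.

    Cyrus SASL (http://cyrusimap.web.cmu.edu/) stands for Cyrus Simple Authentication and Security Layer; it is a helper package. For SMTP authentication Cyrus mainly provides the saslauthd service, which checks accounts and passwords. That is, when anyone wants to relay mail, Postfix contacts saslauthd and asks it to check the account and password; if they match, the client is allowed to start relaying.

    Now, if you want the simplest approach, which is to authenticate SMTP directly against the Linux system's own accounts and passwords rather than against something like an SQL database, this is what you do on CentOS:

    1. Install the cyrus-sasl, cyrus-sasl-plain and cyrus-sasl-md5 packages.
    2. Start the saslauthd service.
    3. Configure main.cf so that postfix can talk to saslauthd.
    4. On the client, enable the "mail server requires authentication" function for sending.

    Only then can the client use SMTP AUTH. For the software installation just use yum; no more needs to be said. Let's begin with starting the saslauthd service.


    • Starting the saslauthd service: plaintext SMTP authentication

    saslauthd is the account and password management mechanism provided by Cyrus-SASL. It can authenticate against quite a few kinds of database, but here we use only the simplest plaintext authentication (PLAIN). If we want to use the user information of the Linux system directly, that is, the accounts and passwords recorded in /etc/passwd and /etc/shadow, we can use the "shadow" mechanism provided by saslauthd, and "pam" works as well. For more on the mechanisms saslauthd offers, see "man saslauthd". Because our accounts and passwords may come from another server on the network, such as NIS, the pam module is suggested here.

    Starting saslauthd is really easy. First you have to choose the password management mechanism, which can be done as follows: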

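    # 1. First find out which password management mechanisms your saslauthd supports:
    [root@www ~]# saslauthd -v
    saslauthd 2.1.23
    authentication mechanisms: getpwent kerberos5 pam rimap shadow ldap
    # The mechanisms listed above are the supported ones. We want to use the local Linux
    # user information directly, so pam will do; shadow can of course be used as well.
    
    # 2. In the saslauthd configuration file, select the pam mechanism:
    [root@www ~]# vim /etc/sysconfig/saslauthd
    MECH=pam  <== this is in fact the default
    # This is also the default. Some people prefer the plain shadow mechanism, which is fine too.
    
    # 3. Then start it:
    [root@www ~]# /etc/init.d/saslauthd start
    [root@www ~]# chkconfig saslauthd on
    

    After that we have to tell Cyrus that the program serving SMTP authentication is saslauthd. The setting is simple:

    [root@www ~]# vim /etc/sasl2/smtpd.conf
    log_level: 3                <== level of detail written to the log; 3 is enough
    pwcheck_method: saslauthd   <== which service is in charge of checking the password
    mech_list: plain login      <== which mechanisms are supported
    

    We can use mech_list to list the specific mechanisms that are supported. saslauthd is a very simple account and password service: you need almost no extra configuration, and it takes effect as soon as it is started. Very convenient. ^_^


    • Changing main.cf: letting postfix support SMTP authentication

    What about postfix itself? The setting is really simple; this is all it takes:

    [root@www ~]# vim /etc/postfix/main.cf
    # At the end of the file add these SASL-related settings:
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    # Then find the relay-related setting and add the entry that permits SMTP-authenticated clients:
    smtpd_recipient_restrictions =
         permit_mynetworks,
         permit_sasl_authenticated,  <== this is the important line; mind the order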
         reject_unknown_sender_domain,
         reject_unknown_recipient_domain,
         reject_unauth_destination,
         reject_rbl_client cbl.abuseat.org,
         reject_rbl_client bl.spamcop.net,
         reject_rbl_client cblless.anti-spam.org.cn,
         reject_rbl_client sbl-xbl.spamhaus.org,
         check_policy_service unix:/var/spool/postfix/postgrey/socket
    
    [root@www ~]# /etc/init.d/postfix restart
    

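    The SASL-related items above mean the following:

    • smtpd_sasl_auth_enable
      This sets whether sasl authentication is enabled. When it is, postfix loads the cyrus sasl library on its own, and that library connects to the right account and password service according to the settings in /etc/sasl2/smtpd.conf.

    • smtpd_sasl_security_options
      Because we do not want anonymous users to be able to log in and use the SMTP Relay function, this item only needs to be set to noanonymous.

    • broken_sasl_auth_clients
      This item is for early non-standard MUAs. Early software vendors did not follow the protocol standard when developing their MUAs, which can cause some trouble during SMTP authentication. Version 4 of MS Outlook Express is one such problematic MUA. Later versions should not have this problem, so you may also leave this setting out.

    • smtpd_recipient_restrictions
      This is the most important one. Our sasl authentication can go on the second line, so that authentication is applied after the trusted local network. The setting above means: MUAs inside the local network can relay without authenticating, and only sources outside the local network need SMTP authentication.

    After finishing the configuration and restarting postfix, let's test whether authentication is really offered: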

    [root@www ~]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 www.centos.vbird ESMTP Postfix
    ehlo localhost
    250-www.centos.vbird
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN    <== you must see these two lines
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    


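    • Enabling SMTP authentication on the client, using Thunderbird as the example

    Now that SMTP authentication is configured on the MTA, the MUA naturally has to send an account and password to the MTA to pass it. So some extra settings are needed on the MUA. We again use Thunderbird for the description. Open Thunderbird and choose "Tools" --> "Account Settings"; the following screen appears:

    Figure 22.5-1: Configuring SMTP authentication in Thunderbird

    Follow the numbered arrows in the figure: first select (1) the outgoing SMTP server, then select the outgoing SMTP server you need and click (3) Edit, and the dialog shown in the figure appears. Select (4) the password authentication method and enter in (5) the account you want to use. If you want to test this, remember that the client must not be inside the local network, otherwise the authentication stage is never reached, because our configuration gives priority to the trusted network.

    If all goes well, when a client authenticates over SMTP your log file should show a message like the following: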

    [root@www ~]# tail -n 100 /var/log/maillog | grep PLAIN
    Aug 10 02:37:37 www postfix/smtpd[18655]: 01CD43712: client=vbirdwin7
    [192.168.100.30], sasl_method=PLAIN, sasl_username=dmtsai
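Once relaying depends on passwords, the same maillog entries are worth watching for misuse. The following is an added example, not part of the original page: it reads smtpd log lines in the format shown above (one entry per line, as syslog writes them) and reports accounts that authenticated from many different addresses as well as addresses with repeated failed SASL logins. Apart from the first sample line, which is the entry from the page, the log lines and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Successful authenticated submission, as logged by postfix/smtpd.
AUTH_OK = re.compile(
    r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\], "
    r"sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>\S+)")
# Failed SASL login warning, as logged by postfix/smtpd.
AUTH_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<method>\S+) authentication failed")


def analyze(lines, max_ips_per_user=2, max_failures_per_ip=3):
    """Summarise SASL activity in maillog lines.

    many_sources: accounts seen from more than max_ips_per_user addresses,
                  which is typical of a password being used by someone else.
    guessing:     addresses with at least max_failures_per_ip failed logins.
    """
    ips_by_user = defaultdict(set)
    failures_by_ip = defaultdict(int)
    for line in lines:
        ok = AUTH_OK.search(line)
        if ok:
            ips_by_user[ok["user"]].add(ok["ip"])
            continue
        fail = AUTH_FAIL.search(line)
        if fail:
            failures_by_ip[fail["ip"]] += 1
    return {
        "users": {user: sorted(ips) for user, ips in ips_by_user.items()},
        "many_sources": sorted(user for user, ips in ips_by_user.items()
                               if len(ips) > max_ips_per_user),
        "guessing": sorted(ip for ip, count in failures_by_ip.items()
                           if count >= max_failures_per_ip),
    }


# First line: the entry from the page, joined onto one line. The rest is constructed.
SAMPLE_LOG = """\
Aug 10 02:37:37 www postfix/smtpd[18655]: 01CD43712: client=vbirdwin7[192.168.100.30], sasl_method=PLAIN, sasl_username=dmtsai
Aug 10 03:01:10 www postfix/smtpd[18700]: 11AA43713: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=bird2
Aug 10 03:01:40 www postfix/smtpd[18701]: 11AA43714: client=unknown[198.51.100.7], sasl_method=LOGIN, sasl_username=bird2
Aug 10 03:02:05 www postfix/smtpd[18702]: 11AA43715: client=unknown[192.0.2.44], sasl_method=LOGIN, sasl_username=bird2
Aug 10 03:10:01 www postfix/smtpd[18710]: warning: unknown[203.0.113.99]: SASL LOGIN authentication failed: authentication failure
Aug 10 03:10:03 www postfix/smtpd[18710]: warning: unknown[203.0.113.99]: SASL LOGIN authentication failed: authentication failure
Aug 10 03:10:05 www postfix/smtpd[18710]: warning: unknown[203.0.113.99]: SASL LOGIN authentication failed: authentication failure
Aug 10 03:12:00 www postfix/smtpd[18720]: warning: vbirdwin7[192.168.100.30]: SASL PLAIN authentication failed: authentication failure
""".splitlines()

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```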
    


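    22.5.5 A way out for mail servers without a fixed IP: relayhost

    As mentioned above, if you want to run a legitimate MTA it is still best to apply for a fixed IP with a correctly matching reverse DNS record. If you insist on running your MTA on a dynamic IP, that is not impossible, especially now that (in 2011) fibre to the home already reaches download/upload speeds of 50M/5Mbps, so you can certainly host a site on a home connection. You will just have to go through the relay permission provided by your upstream ISP. What does that mean? Let's look at a practical case:

    Figure 22.5-2: Relayhost: relaying mail through the ISP's MTA

    When your MTA sends mail to a destination MTA directly, your IP may not be fixed, so the other MTA may well treat you as a spam source. What if we relay through the ISP instead? Looking at the figure above, when you send to the destination MTA: (1) the message is first handed to your ISP. Because you are the ISP's customer, the ISP normally accepts your mail, so at this point the message is relayed onward by your ISP. (2) When the message relayed by the ISP reaches the destination MTA, the other side sees that it comes from the ISP's MTA, which is of course a legitimate mail server, so the message is accepted without question. ^_^

    There are still a number of things to watch when building your MTA this way:

    • You still need a legitimate host name; to save money you can use DDNS.
    • The MTA provided by your upstream ISP must grant relay permission to the IP you are on.
    • You can no longer use a private internal DNS structure, because all relayed mail is sent to the ISP's MTA.

    The last point matters in particular. Because all outgoing mail is sent to the ISP, a non-legitimate domain such as the centos.vbird we have been playing with is no longer of any use. Why? Think about it: if you want to send a message to www.centos.vbird, the relayhost function described above passes it to the ISP's MTA for handling, but will the ISP's MTA know your centos.vbird? Put that way it should be clear.

    It sounds hard but is very easy to do: just add one setting to main.cf. Suppose you are a customer of hinet in Taiwan and the mail host hinet provides is ms1.hinet.net. Then you can set it directly like this:

    [root@www ~]# vim /etc/postfix/main.cf
    # Add the following line. Note the square brackets (they make postfix use that host itself, without an MX lookup).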
    relayhost = [ms1.hinet.net]
    
    [root@www ~]# /etc/init.d/postfix restart
    

    After that, just try sending a message and you will see how it is delivered. The log file will look something like this:

    [root@www ~]# tail -n 20 /var/log/maillog
    Aug 10 02:41:01 www postfix/smtp[18775]: AFCA53713: to=<qdd@mail.ksu.edu.tw>, 
    relay=ms1.hinet.net[168.95.4.10]:25, delay=0.34, delays=0.19/0.09/0.03/0.03, 
    dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as F0528233811)
    

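    There it is: the mail is relayed through the upstream ISP. This way your MTA appears to be a legitimate MTA. But do not use this permission to send out advertising mail. The ISP mail host you go through keeps a record of your source IP, and if you misbehave the consequences could be serious. Keep that firmly in mind.


    22.5.6 Other configuration tips

    Apart from the main settings discussed so far, postfix offers some other useful settings. Let's go through them one by one:


    • Size limits for a single message and for a single mailbox

    By default the largest single message postfix accepts is 10MBytes, but this value can be changed. It is simple to do: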

    [root@www ~]# vim /etc/postfix/main.cf
    message_size_limit =   40000000
    [root@www ~]# postfix reload
    

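    The unit above is bytes, so this changes the acceptable size of a single message to 40MByte. Set the value according to your own environment. In the past, limiting /var/spool/mail/account was mostly done with file system quota. With today's postfix that is not needed; you can do this instead: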

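    [root@www ~]# vim /etc/postfix/main.cf
    mailbox_size_limit = 1000000000
    [root@www ~]# postfix reload
    

    I give every user 1GB of space. ^_^


    • Backup of sent mail: having SMTP forward a copy to a backup mailbox automatically

    We know that received mail can be backed up with /etc/aliases, but what if outgoing mail should be backed up as well? Use the following: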

    [root@www ~]# vim /etc/postfix/main.cf
    always_bcc = some@host.name
    [root@www ~]# postfix reload
    

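    With this, every message anyone sends is copied to the mailbox some@host.name. However, unless your company places great weight on trade secrets and has already announced this to all staff, VBird personally considers this setting a serious invasion of privacy.


    • Permissions of the configuration files: wrong permissions keep postfix from starting

    This part follows the recommendations on the Sendmail site, but it applies to postfix as well. Most of it concerns the required settings for directory and file permissions:

    • Make sure that /etc/aliases can only be modified by accounts the system trusts; its permission is usually 644.
    • Make sure that the databases the mail server reads (mostly the *.db files under /etc/mail/ or /etc/postfix/), such as mailertable, access and virtusertable, can only be read by users the system trusts and by nobody else; the permission is usually 640.
    • The system queue directory (/var/spool/mqueue or /var/spool/postfix) may only be read by the system; the permission is usually 700.
    • Make sure that ~/.forward is not readable by everyone either, otherwise your e-mail data may be stolen.
    • In short, if ordinary users can do without ~/.forward and aliases, do not use them.

    Overall, though, it still takes care on your part as the site administrator. Watch the log files often.


    • Backups: which directories are related to mail?

    Backups matter at any time. If my machine is purely a Mail Server, what data do I need to back up?

    • /etc/passwd, /etc/shadow, /etc/group and other account-related data.
    • All files under /etc/mail and /etc/postfix/.
    • /etc/aliases and other MTA-related files.
    • All user data under /home.
    • The files under /var/spool/mail and the queue files under /var/spool/postfix.
    • The configuration and definition files of other software such as advertisement filtering and virus scanning.


    • Troubleshooting: finding out why postfix will not start or deliver

    Mail is convenient, but there are still times when a message cannot be sent. If you have configured your MTA and mail still will not go out, what could be wrong? You can trace the problem like this:

    1. Hardware:
      For example, is the network card driver missing? Is the modem faulty? Has the hub overheated and hung? Has the router stopped working?

    2. Network parameters:
      If you cannot reach the Internet, there is no Mail Server to speak of. So first confirm that your network is working normally. For checking the network, see chapter 6 on network troubleshooting.

    3. Services:
      Be sure to confirm that the ports related to the mail server are up, for example port 25, 110, 143, 993 and 995. The netstat command shows whether the service has been started.

    4. Firewall:
      Very often people use the firewall configuration tool provided by Red Hat or another Linux distribution and forget to open port 25 and port 110, so mail can be neither sent nor received. Pay special attention to this. You can use iptables to check whether the port is open. For the rest, see chapter 9 on firewall configuration.

    5. Configuration files:
      After starting postfix or sendmail, look carefully in the log file for error messages. Usually, if the configuration is wrong, the log file records where the error is.

    6. Settings in other files:
      (1) If only one domain can receive mail while other domains on the same host cannot, check the value of $mydestination. (2) If mail is blocked and reject keeps showing up, it may be blocked by access. (3) If the mail queue (mailq) holds a lot of messages, DNS may be down; check whether /etc/resolv.conf is set correctly.

    7. Other possible problems:
      The most common one is authentication. This happens because the user has not enabled the "my mail server requires authentication" option in the MUA. Ask your users to tick it right away.

    8. When you still cannot find the cause:
      If you still cannot find the problem, be sure to check your /var/log/maillog (sometimes /var/log/mail; this depends on the settings in /etc/syslog.conf). When you send a message, for example from dmtsai to bird2@www.centos.vbird, the maillog file shows two lines, one with from dmtsai and one with to bird2@www.centos.vbird. In other words: where I received the message from, and where the message is going. These two lines tell you what the problem is. The to line in particular contains a lot of useful information, including the reason a message could not be delivered. If you are not familiar with log files, see chapter 19, "Understanding log files", in the basics book.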

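    22.6 Key points
    • A mail server must be configured with particular care so that it is not used as a springboard for advertising and junk mail.
    • The host name used by a mail server needs at least an A record in DNS, though an MX record is preferable, and forward and reverse resolution should match; this helps avoid being blocked by large mail servers.
    • A mail server mainly means SMTP (Simple Mail Transfer Protocol), but to run a server that a client such as Thunderbird can send and receive through, it is best to offer both SMTP and protocols such as POP3.
    • The components involved in mail delivery are mainly the MUA, MTA, MDA and finally the Mailbox.
    • What most needs to be got right on a mail server is the Relay function. Never allow Open Relay.
    • A mail message contains at least a header and a body.
    • Common software that provides SMTP includes sendmail, postfix and qmail.
    • To avoid receiving large amounts of advertising mail, do not publish your email address on the Internet. If some function requires a mail address to be published, it is best to have two addresses: one to make public and one for your own main correspondence.

    22.7 Exercises
    • When I send mail through my MTA it is bounced, and the main error in the bounce message (/var/log/maillog) is "mail loop to me". What is the likely cause and how is it handled?
      The likely cause is a wrong host name in the configuration of your MTA. Presumably your MTA host has several IPs, but not all of them are written into the configuration file, so some host names are not accepted by your MTA. With sendmail, just write the required host names into /etc/mail/local-host-names; with postfix, change the $mydestination setting in /etc/postfix/main.cf.
    • List four components related to a Mail Server and their functions.
      • Mail Client: the mail client end; the computer of the user who uses mail can be called the mail client.
      • Mail User Agent: an application whose main function is to receive email from the mail host and to let the user browse and write mail.
      • Mail Transfer Agent: the host that transfers messages and mail between the computer and the Mail server, and between different Mail servers on the Internet.
      • Mail Delivery Agent: its main function is to place the local mail accepted by the MTA into the mail file (Mailbox) of the local account.
    • What are the functions of POP3 and SMTP?
      • SMTP is the transfer protocol used from MUA to MTA and between MTAs, usually on port 25. As long as the host supports SMTP and the other relay conditions are met, mail can be delivered.
      • POP3 lets users download mail from the MTA through an MUA, and the mail can be deleted from the host at the same time.
    • Briefly explain the relation between the MX record in DNS and mail.
      The MX record lets a mail server carry out the mail gateway and mail route functions through the MX and A (address) records. A great deal can be achieved with it.
    • What is a mailing list? In postfix, how can the function of a mailing list be achieved without other software?
      A mailing list means that when a user sends mail to one account, that account forwards the mail to all its subscribers on its own, a little like today's e-mail newsletters. Under sendmail this can be done with aliases (together with newaliases) and with ~/.forward.
    • How do you look at the contents of the mail queue, and where is the mail queue stored?
      mailq shows the current contents of the mail queue. The queue location can be changed through sendmail.cf, but by default /var/spool/mqueue is the mail queue directory.
    • What is Open Relay?
      Open Relay means that your host sends mail onward for any sender, no matter where the sender comes from. If your mail server is an open relay, it is easily flooded with junk mail, which not only wastes network bandwidth but also easily gets your host put on a blacklist.
    • To let Postfix send and receive external mail that does not come from the local host, which parameters in main.cf can you change?
      The variables to change in main.cf are mainly:
      1. When the Client comes from a trusted network, that is, its IP matches the value of $mynetworks.
      2. When the Client comes from a trusted machine, that is, its host name matches the $relay_domains setting.
      3. When the Client comes from an untrusted network, but the destination host matches the $relay_domains setting.
    • How do you view all configuration parameters of your current Postfix server? (Which command?)
      postconf -n shows the parameters currently set in main.cf; to see all parameters, use postconf on its own.
    • How does the operation of a Mail Server relate to DNS (the MX and A records)?
      Legitimate mail servers on the Internet today usually only send mail to mail hosts that have an MX record. When there are several MX records, the host with the smallest MX value is tried first, then the others in order. The final destination is found from the A record of the MX host.
    • What are the smtp, pop3 and imap protocols, and what is each used for?
      • smtp: the protocol used to deliver mail; what we call an MTA is what this protocol provides.
      • pop3: the protocol with which the client end asks the host for its mail; by default the mail is usually deleted from the mail box on the host once it has been received.
      • imap: similar to pop3, but imap lets the user create mail folders in the home directory on the host.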

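    22.8 References and further reading

    2006/11/13: Preparing to merge the former sendmail and postfix pages into one article devoted to the Mail server.
    2006/11/14: The former sendmail page can be found here and the former Postfix page here. The visitor count continues from the former sendmail page.
    2006/11/30: Added the spamassassin mechanism for mail scanning and advertising mail blocking. Phew, tiring.
    2006/12/05: Added a short introduction to the self-learning advertising mail filter.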
    2007/02/07GsWn exe ɦWTI
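    2007/02/27: Thanks to reader Cheng-Lin Yang for the suggestion; added http://www.anti-spam.org.cn/ and http://www.spamhaus.org/ to the blacklist databases.
    2007/04/05: Thanks to reader chunkit for writing in; the former mail localhost 25 has been changed to telnet localhost 25.
    2010/07/20: Thanks to reader Patrick for the notice; the spam-related address has been changed to http://rs.edu.tw/tanet/spam.html
    2011/06/05: Moved the old CentOS 4.x based version elsewhere.
    2011/06/13: Removed some less important material, such as sending and receiving mail with telnet, and added mutt, a handy tool that works over the network.
    2011/07/07: This month was too busy, so one short mail server article took more than a month to revise...
    2011/08/10: Moved the CentOS 5.x based version elsewhere.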

    http://www.okfdzs1903.com is designed by VBird during 2001-2011. ksu.edu