Using sendmail on an enterprise network
I. Sending mail between clients on the local host
1. Sending mail to a user as the administrator
[root@node1 ~]# service sendmail status
sendmail (pid 2844) is running... // installed by default, so the system can notify users of new mail
[root@node1 ~]# chkconfig --list |grep sendmail
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off // enabled at boot by default
[root@node1 ~]# set |less
[root@node1 ~]# cd /var/spool/mail/ // change to the mailbox directory
[root@node1 mail]# useradd user1 // add an account
[root@node1 mail]# ll
[root@node1 mail]# mail -s hello user1 // send user1 a message with the subject "hello"
hehe // message body
.
Cc: // several more accounts can be entered here to carbon-copy them
[root@node1 mail]# su - user1 // switch to user1
[user1@node1 ~]$ mail // read the mail
[user1@node1 ~]$ mail // open the mailbox again
No mail for user1 // the mailbox is now empty
Note: if you leave the mailbox with q after reading a message, the system automatically moves it to mbox; to keep it in the mailbox instead, leave with x.
[root@node1 ~]# netstat -tupln |less // check the port status
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2844/sendmail: acce // sendmail is listening on port 25 of 127.0.0.1
2. Sending mail with telnet
[root@node1 ~]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to node1.a.com (127.0.0.1).
Escape character is '^]'.
220 node1.a.com ESMTP Sendmail 8.13.8/8.13.8; Mon, 10 Sep 2012 11:26:53 +0800
help
214-2.0.0 This is sendmail
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN AUTH
214-2.0.0 STARTTLS
214-2.0.0 For more info use "HELP
HELO 127.0.0.1 // greet 127.0.0.1
250 node1.a.com Hello node1.a.com [127.0.0.1], pleased to meet you // 127.0.0.1 answers
EHLO 127.0.0.1
250-node1.a.com Hello node1.a.com [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP // EHLO advertises many extensions; this is what distinguishes it from HELO
HELP mail // usage of the MAIL command
214-2.0.0 MAIL From:
mail from:root@localhost // sender address
250 2.1.0 root@localhost... Sender ok // sender accepted
HELP RCPT // usage of the RCPT command
214-2.0.0 RCPT To:
DATA // this step is mandatory before writing the message
354 Enter mail, end with "." on a line by itself
subject:hello1 // subject
I am very happy! // body
. // the message ends with a line containing only "."
250 2.0.0 q8A3ve9T029282 Message accepted for delivery
quit
[root@node1 ~]# su - user1 // switch to user1
[user1@node1 ~]$ mail
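The dialogue above, replayed as an added example (this is not code from the original post; the hostname, domains and addresses are constructed): a small Python model of the SMTP server side that enforces the HELO/EHLO, MAIL, RCPT, DATA order, advertises extensions only on EHLO, refuses recipients in domains it does not host, and ends the message body at a lone ".". It also shows what the telnet transcript does not: the 503 replies when the order is violated and the 550 "Relaying denied" for a non-local recipient.

```python
"""Minimal model of the SMTP command sequence shown in the telnet session.

Added example, not part of the original post: an in-memory SMTP server
state machine (HELO/EHLO, MAIL, RCPT, DATA, RSET, QUIT) plus a driver that
replays a client's lines against it. The hostname, domains and addresses
are constructed sample values; reply texts imitate sendmail's only loosely.
"""

# Extensions the model advertises on EHLO (HELO advertises none).
EXTENSIONS = ["ENHANCEDSTATUSCODES", "PIPELINING", "8BITMIME",
              "SIZE", "DSN", "ETRN", "DELIVERBY", "HELP"]


def _address(arg, prefix):
    """Extract an address from 'FROM:<a@b>' / 'TO:a@b'; None if malformed."""
    if not arg.upper().startswith(prefix):
        return None
    addr = arg[len(prefix):].strip().strip("<>")
    return addr if "@" in addr else None


class SmtpServer:
    """Server side of the dialogue; enforces HELO -> MAIL -> RCPT -> DATA."""

    def __init__(self, hostname="node1.a.com",
                 local_domains=("localhost", "node1.a.com")):
        self.hostname = hostname
        self.local_domains = set(local_domains)
        self.greeted = False
        self.in_data = False
        self.sender, self.recipients, self.data_lines = None, [], []
        self.delivered = []  # (sender, recipients, body) per accepted message

    def banner(self):
        return f"220 {self.hostname} ESMTP (constructed example)"

    def _reset_envelope(self):
        self.sender, self.recipients, self.data_lines = None, [], []

    def handle(self, line):
        """Process one client line and return the server's reply lines."""
        if self.in_data:
            if line == ".":                       # a lone dot ends the message
                self.in_data = False
                self.delivered.append((self.sender, list(self.recipients),
                                       "\n".join(self.data_lines)))
                self._reset_envelope()
                return ["250 2.0.0 Message accepted for delivery"]
            # dot-stuffing: a body line that starts with "." is sent as ".."
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return []                             # no reply inside DATA
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            hello = f"{self.hostname} Hello {arg}, pleased to meet you"
            if verb == "HELO":
                return [f"250 {hello}"]
            return ([f"250-{hello}"] + [f"250-{e}" for e in EXTENSIONS[:-1]]
                    + [f"250 {EXTENSIONS[-1]}"])
        if verb == "MAIL":
            if not self.greeted:
                return ["503 5.0.0 Polite people say HELO first"]
            if self.sender is not None:
                return ["503 5.5.0 Sender already specified"]
            addr = _address(arg, "FROM:")
            if addr is None:
                return [f'501 5.5.2 Syntax error in parameters scanning "{arg}"']
            self.sender = addr
            return [f"250 2.1.0 {addr}... Sender ok"]
        if verb == "RCPT":
            if self.sender is None:
                return ["503 5.0.0 Need MAIL before RCPT"]
            addr = _address(arg, "TO:")
            if addr is None:
                return [f'501 5.5.2 Syntax error in parameters scanning "{arg}"']
            if addr.rpartition("@")[2].lower() not in self.local_domains:
                # Not one of our domains and no relay permission: refuse.
                return [f"550 5.7.1 {addr}... Relaying denied"]
            self.recipients.append(addr)
            return [f"250 2.1.5 {addr}... Recipient ok"]
        if verb == "DATA":
            if not self.recipients:
                return ["503 5.0.0 Need RCPT (recipient)"]
            self.in_data = True
            return ['354 Enter mail, end with "." on a line by itself']
        if verb == "RSET":
            self._reset_envelope()
            return ["250 2.0.0 Reset state"]
        if verb == "NOOP":
            return ["250 2.0.0 OK"]
        if verb == "QUIT":
            return [f"221 2.0.0 {self.hostname} closing connection"]
        return [f'500 5.5.1 Command unrecognized: "{line}"']


def run_session(server, client_lines):
    """Replay client lines; return the interleaved C:/S: transcript."""
    transcript = [f"S: {server.banner()}"]
    for line in client_lines:
        transcript.append(f"C: {line}")
        transcript.extend(f"S: {reply}" for reply in server.handle(line))
    return transcript


# The same dialogue as the telnet session above (constructed replay).
SESSION = ["EHLO 127.0.0.1", "mail from:root@localhost",
           "rcpt to:user1@localhost", "DATA", "subject:hello1", "",
           "I am very happy!", ".", "quit"]


def demo():
    server = SmtpServer()
    return server, run_session(server, SESSION)


if __name__ == "__main__":
    print("\n".join(demo()[1]))
```

Running the block prints the transcript; the delivered list on the server object holds the envelope and body exactly as the client sent them, which is what sendmail would hand to its local delivery agent for user1.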
II. Sending mail to this host over telnet from outside
1. Telnet from an external client to the local host
Note: sendmail is listening on 127.0.0.1, which is a closed (loopback) address usable only for communication between processes on the same host, so an external host cannot reach it.
sendmail is therefore modified as follows.
2. Modify the configuration file
[root@node1 ~]# cd /etc/mail
[root@node1 mail]# ll
3. Install sendmail-cf and the other tools
[root@node1 mail]# rpm -qa |grep sendmail
sendmail-8.13.8-2.el5
[root@node1 mail]# mkdir /mnt/cdrom // create a mount point for the CD-ROM
[root@node1 mail]# mount /dev/cdrom /mnt/cdrom/ // mount the CD-ROM
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@node1 mail]# cd /mnt/cdrom/Server/
[root@node1 Server]# ll sendm* // the sendmail-cf package must be installed before the mc file can be edited and rebuilt
[root@node1 Server]# ll m4* // m4 converts the mc file into the cf file; m4 is already installed here
[root@node1 Server]# rpm -ivh sendmail-cf-8.13.8-2.el5.i386.rpm // install the cf package
Preparing... ########################################### [100%]
1:sendmail-cf ########################################### [100%]
[root@node1 mail]# vim sendmail.mc
[root@node1 mail]# service sendmail restart // restart the service
[root@node1 mail]# netstat -tupln |grep sendmail // check the port
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29739/sendmail: acc
4. Telnet from outside to 192.168.101.5 port 25 again
The connection now succeeds!
5. Send mail from the external client to a local user
[root@node1 ~]# su - user1 // switch to user1
[user1@node1 ~]$ mail
[root@node1 ~]# netstat -tupln |grep sendmail // check the port
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29739/sendmail: acc
III. Implementing relaying
[root@node1 mail]# service sendmail restart
IV. Case study: setting up two servers so they can exchange mail
Lab topology diagram
1. Setting up 163.com
(1) Change the hostname
(2) Install the DNS server
[root@node1 ~]# mkdir /mnt/cdrom // create a mount point for the CD-ROM
[root@node1 ~]# mount /dev/cdrom /mnt/cdrom/ // mount the CD-ROM
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@node1 ~]# cd /mnt/cdrom/Server/
[root@node1 Server]# rpm -ivh bind-9.3.6-4.P1.el5.i386.rpm
Preparing... ########################################### [100%]
package bind-9.3.6-4.P1.el5.i386 is already installed
[root@node1 Server]# rpm -ivh bind-chroot-9.3.6-4.P1.el5.i386.rpm
Preparing... ########################################### [100%]
package bind-chroot-9.3.6-4.P1.el5.i386 is already installed
[root@node1 Server]# rpm -ivh caching-nameserver-9.3.6-4.P1.el5.i386.rpm
Preparing... ########################################### [100%]
package caching-nameserver-9.3.6-4.P1.el5.i386 is already installed
(3) Copy and generate the configuration files
[root@node1 Server]# cd /var/named/chroot/etc/
[root@node1 etc]# ll
[root@node1 etc]# cp -p named.caching-nameserver.conf named.conf // copy it to create named.conf
[root@node1 etc]# ll
[root@node1 etc]# vim named.conf // edit this file
[root@node1 etc]# vim named.rfc1912.zones
[root@node1 etc]# cd ../var/named/
[root@node1 named]# ll
[root@node1 named]# cp -p localhost.zone 163.com.zone // copy it to create 163.com.zone
[root@node1 named]# ll
[root@node1 named]# vim 163.com.zone // edit 163.com.zone
[root@node1 named]# service named start // start the DNS service
Starting named: [ OK ]
[root@node1 named]# chkconfig named on // enable it at boot
[root@node1 named]# vim /etc/resolv.conf
[root@node1 named]# init 6
[root@mail mail]# vim sendmail.mc
[root@mail mail]# vim access
[root@mail mail]# vim local-host-names
[root@mail mail]# service sendmail restart
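The relay decision that the access and local-host-names edits above control, as an added example (not the original post's code and not sendmail's own implementation): a simplified Python model of the access database lookup (most specific key first; Connect:, From: and To: tags; OK, RELAY, REJECT, DISCARD or a custom "nnn text" reply) combined with local-host-names to decide whether a RCPT is delivered locally, relayed, or refused with "Relaying denied". The map contents, domains and client addresses are constructed, and FEATURE(`relay_mail_from') is not modelled, so a From: entry can reject but cannot grant relaying.

```python
"""Model of the sendmail access-map relay decision.

Added example, not part of the original post and not sendmail's own code:
a simplified model of how /etc/mail/access and /etc/mail/local-host-names
together decide whether a RCPT command is accepted. Only the Connect:,
From: and To: tags with OK / RELAY / REJECT / DISCARD / "nnn text" values
are modelled; all map contents and addresses below are constructed.
"""

# Constructed sample /etc/mail/access for the 163.com server.
ACCESS_MAP = """
Connect:localhost.localdomain   RELAY
Connect:localhost               RELAY
Connect:127.0.0.1               RELAY
Connect:192.168.101             RELAY   # hosts on the lab LAN may relay
Connect:10.0.0.99               REJECT
From:spam.example               550 We do not accept mail from this domain
To:partner.example              RELAY   # we relay mail addressed to this partner
"""

# Constructed sample /etc/mail/local-host-names: domains delivered locally.
LOCAL_HOST_NAMES = {"163.com", "mail.163.com", "localhost"}


def parse_access(text):
    """Parse 'key  value' lines ('#' starts a comment); keys are case-folded."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed access entry: {raw!r}")
        table[parts[0].lower()] = parts[1].strip()
    return table


def lookup(table, tag, address):
    """Value of the most specific matching key, or None.

    Like sendmail: try the full address, then its domain and each parent
    domain (for an IP, each shorter dotted prefix); tagged keys first.
    """
    address = address.lower()
    forms = []
    if "@" in address:
        forms.append(address)
        address = address.rpartition("@")[2]
    if address.replace(".", "").isdigit():        # IPv4: 1.2.3.4, 1.2.3, 1.2, 1
        octets = address.split(".")
        forms += [".".join(octets[:i]) for i in range(len(octets), 0, -1)]
    else:                                          # host: a.b.c, b.c, c
        labels = address.split(".")
        forms += [".".join(labels[i:]) for i in range(len(labels))]
    for key in [f"{tag.lower()}:{f}" for f in forms] + forms:
        if key in table:
            return table[key]
    return None


def _explicit_reply(value):
    """Map REJECT / DISCARD / 'nnn text' values to an SMTP reply; else None."""
    if value is None:
        return None
    word, _, rest = value.partition(" ")
    if word.upper() == "REJECT":
        return (550, "5.7.1 Access denied")
    if word.upper() == "DISCARD":
        return (250, "2.0.0 Accepted (DISCARD: message silently dropped)")
    if len(word) == 3 and word.isdigit():          # custom reply, e.g. "550 text"
        return (int(word), rest.strip())
    return None


def _is(value, word):
    return value is not None and value.split()[0].upper() == word


def decide_rcpt(access, local_domains, client_ip, sender, recipient):
    """Return the (code, text) reply the server would give to RCPT TO."""
    conn = lookup(access, "Connect", client_ip)
    frm = lookup(access, "From", sender)
    to = lookup(access, "To", recipient)
    for value in (conn, frm, to):                  # explicit policy wins first
        reply = _explicit_reply(value)
        if reply:
            return reply
    if recipient.rpartition("@")[2].lower() in local_domains:
        return (250, f"2.1.5 {recipient}... Recipient ok")   # local delivery
    if _is(conn, "RELAY") or _is(to, "RELAY"):
        return (250, f"2.1.5 {recipient}... Recipient ok")   # relaying authorised
    return (550, f"5.7.1 {recipient}... Relaying denied")


ACCESS = parse_access(ACCESS_MAP)

if __name__ == "__main__":
    for ip, frm, rcpt in [("192.168.101.6", "user5@sina.com", "user2@163.com"),
                          ("192.168.101.6", "user5@sina.com", "bob@other.example"),
                          ("203.0.113.7", "x@other.example", "bob@other.example")]:
        print(ip, rcpt, decide_rcpt(ACCESS, LOCAL_HOST_NAMES, ip, frm, rcpt))
```

The point worth noticing is the difference between the two 250 branches: mail for a domain listed in local-host-names is always accepted, whereas mail for any other domain is accepted only when the connecting client (or the destination domain) has an explicit RELAY entry; everything else is refused, which is what keeps the server from becoming an open relay.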
[root@mail mail]# useradd user2
[root@mail mail]# useradd user3
[root@mail mail]# cd /var/spool/mail/
[root@mail mail]# ll
[root@mail ~]# mail -s hello user2
hello! ,,
.
Cc:
[root@mail ~]# su - user2
[user2@mail ~]$ mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/user2": 1 message 1 new
>N 1 root@mail.163.com Tue Sep 11 16:05 17/577 "hello"
& 1
Message 1:
From root@mail.163.com Tue Sep 11 16:05:08 2012
Date: Tue, 11 Sep 2012 16:05:08 +0800
From: root
hello! ,,
& q
Saved 1 message in mbox
[root@mail ~]# cd /mnt/cdrom/Server/
[root@mail Server]# ll dov*
[root@mail Server]# rpm -ivh dovecot-1.0.7-7.el5.i386.rpm
Preparing... ########################################### [100%]
1:dovecot ########################################### [100%]
[root@mail Server]# service dovecot start
Starting Dovecot Imap: [ OK ]
[root@mail Server]# chkconfig dovecot on
[root@mail Server]# netstat -tupln |less
[root@mail Server]# passwd user2
Changing password for user user2.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail Server]# passwd user3
Changing password for user user3.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail Server]# vim /etc/aliases
[root@mail Server]# service sendmail restart
2. Setting up sina.com
[root@mail ~]# service sendmail status
sendmail (pid 2876) is running...
[root@mail ~]# service sendmail restart
[root@mail ~]# netstat -tupln |grep dov
tcp 0 0 :::993 :::* LISTEN 2812/dovecot
tcp 0 0 :::995 :::* LISTEN 2812/dovecot
tcp 0 0 :::110 :::* LISTEN 2812/dovecot
tcp 0 0 :::143 :::* LISTEN 2812/dovecot
[root@mail ~]# userdel -r user1
[root@mail ~]# userdel -r user2
[root@mail ~]# userdel -r user3
[root@mail ~]# useradd user5
[root@mail ~]# useradd user6
[root@mail ~]# passwd user5
Changing password for user user5.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail ~]# passwd user6
Changing password for user user6.
New UNIX password:
BAD PASSWORD: it is WAY too short
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
[root@mail ~]# vim /etc/resolv.conf
[root@mail ~]# service sendmail restart
[root@mail ~]# service named start // DNS must be running, otherwise users cannot receive mail
Starting named: [ OK ]
[root@mail ~]# su - user5
[user5@mail ~]$ mail user6
[user5@mail ~]$ su - user6
Password:
[user6@mail ~]$ mail
3. Communication between 163.com and sina.com
[root@mail ~]# dig -t mx 163.com
[root@mail ~]# dig -t mx sina.com
4. Forwarding sina.com queries on 163.com
[root@mail ~]# vim /var/named/chroot/etc/named.conf
[root@mail ~]# rndc reload
server reload successful
[root@mail ~]# dig -t mx sina.com
5. Forwarding 163.com queries on sina.com
[root@mail ~]# vim /var/named/chroot/etc/named.conf
[root@mail ~]# rndc reload
server reload successful
[root@mail ~]# dig -t mx 163.com
6. Reverse DNS, to reduce lookup delays
163.com
[root@mail ~]# cd /var/named/chroot/etc/
You have new mail in /var/spool/mail/root
[root@mail etc]# ll
[root@mail etc]# vim named.rfc1912.zones
[root@mail etc]# cd ../var/named/
[root@mail named]# pwd
/var/named/chroot/var/named
[root@mail named]# ll
[root@mail named]# cp -p named.local 192.168.101.zone
[root@mail named]# ll
[root@mail named]# vim 192.168.101.zone
sina.com
[root@mail ~]# cd /var/named/chroot/etc/
[root@mail etc]# ll
[root@mail etc]# vim named.rfc1912.zones
[root@mail etc]# cd ../var/named/
[root@mail named]# pwd
/var/named/chroot/var/named
[root@mail named]# ll
[root@mail named]# cp -p named.local 192.168.101.zone
[root@mail named]# vim 192.168.101.zone
[root@mail named]# rndc reload
server reload successful
7. Name resolution
163.com
[root@mail named]# nslookup mail.sina.com
[root@mail named]# nslookup 192.168.101.6
sina.com
[root@mail named]# nslookup mail.163.com
[root@mail named]# nslookup 192.168.101.5
V. Security issues
1. Mail confidentiality
[root@mail ~]# mount /dev/cdrom /mnt/cdrom/
mount: block device /dev/cdrom is write-protected, mounting read-only
[root@mail ~]# cd /mnt/cdrom/Server/
[root@mail Server]# ll |grep shark
-r--r--r-- 220 root root 11130359 Jun 11 2009 wireshark-1.0.8-1.el5_3.1.i386.rpm
-r--r--r-- 220 root root 686650 Jun 11 2009 wireshark-gnome-1.0.8-1.el5_3.1.i386.rpm
[root@mail Server]# rpm -ivh wireshark-1.0.8-1.el5_3.1.i386.rpm
error: Failed dependencies:
libsmi.so.2 is needed by wireshark-1.0.8-1.el5_3.1.i386
[root@mail Server]# ll |grep smi
-r--r--r-- 327 root root 2540456 Jan 18 2008 libsmi-0.4.5-2.el5.i386.rpm
-r--r--r-- 327 root root 21212 Jan 18 2008 libsmi-devel-0.4.5-2.el5.i386.rpm
-r--r--r-- 264 root root 62425 Apr 20 2009 psmisc-22.2-7.i386.rpm
[root@mail Server]# rpm -ivh libsmi-0.4.5-2.el5.i386.rpm
Preparing... ########################################### [100%]
1:libsmi ########################################### [100%]
[root@mail Server]# rpm -ivh wireshark-1.0.8-1.el5_3.1.i386.rpm
Preparing... ########################################### [100%]
1:wireshark ########################################### [100%]
[root@mail Server]# tshark -ni eth0 -R "tcp.dstport eq 110" // capture the POP3 traffic
[root@mail Server]# vim /etc/pki/tls/openssl-f
[root@mail CA]# mkdir crl certs newcerts // create these three directories
[root@mail CA]# touch index.txt serial
[root@mail CA]# echo "01" >serial
[root@mail CA]# ll
[root@mail CA]# openssl genrsa 1024 >private/cakey.pem
[root@mail CA]# chmod 600 private/* // restrict the key file permissions
[root@mail CA]# ll private/
[root@mail CA]# openssl req -new -key private/cakey.pem -x509 -days 3650 -out cacert.pem // generate the CA certificate
[root@mail CA]# ll
(1) Encrypting outgoing mail
[root@mail CA]# mkdir -pv /etc/mail/certs
mkdir: created directory `/etc/mail/certs'
[root@mail CA]# cd /etc/mail/certs/
[root@mail certs]# pwd
/etc/mail/certs
[root@mail certs]# openssl genrsa 1024 >sendmail.key
[root@mail certs]# ll
[root@mail certs]# openssl req -new -key sendmail.key -out sendmail.csr
[root@mail certs]# ll
[root@mail certs]# openssl ca -in sendmail.csr -out sendmail.cert
[root@mail certs]# chmod 600 *
[root@mail certs]# ll
[root@mail certs]# service sendmail restart
[root@mail certs]# telnet 127.0.0.1 25
[root@mail certs]# vim /etc/mail/sendmail.mc
[root@mail Server]# tshark -ni eth0 -R "tcp.dstport eq 25" // capture the SMTP traffic
(2) Encrypting mail retrieval
[root@mail ~]# mkdir -pv /etc/dovecot/certs
mkdir: created directory `/etc/dovecot'
mkdir: created directory `/etc/dovecot/certs'
[root@mail ~]# cd /etc/dovecot/certs/
[root@mail certs]# openssl genrsa 1024 >dovecot.key
[root@mail certs]# openssl req -new -key dovecot.key -out dovecot.csr
[root@mail certs]# ll
[root@mail certs]# openssl ca -in dovecot.csr -out dovecot.cert
[root@mail certs]# vim /etc/dovecot.conf
[root@mail certs]# service dovecot restart
[root@mail certs]# netstat -tupln |grep dov
tcp 0 0 :::993 :::* LISTEN 3993/dovecot
tcp 0 0 :::995 :::* LISTEN 3993/dovecot
tcp 0 0 :::110 :::* LISTEN 3993/dovecot
tcp 0 0 :::143 :::* LISTEN 3993/dovecot
[root@mail certs]# vim /etc/dovecot.conf
[root@mail certs]# service dovecot restart
[root@mail certs]# netstat -tupln |grep dov
tcp 0 0 :::995 :::* LISTEN 4026/dovecot
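To check the effect of the dovecot.conf change mechanically, here is an added example (not from the original post): a Python audit that parses netstat -tupln output and classifies each mail listener as cleartext (pop3, imap), TLS-wrapped (pop3s, imaps, smtps), or dependent on STARTTLS (smtp, submission). The before and after listings are constructed by combining the post's own dovecot and sendmail netstat lines; the port table follows the IANA assignments.

```python
"""Audit of a mail host's listening sockets from `netstat -tupln` output.

Added example, not part of the original post: classifies listening ports
as cleartext, STARTTLS-dependent, or TLS-wrapped mail services, so that
the effect of removing pop3/imap from dovecot.conf can be verified. The
two listings are constructed from the post's dovecot and sendmail netstat
lines; the port table follows IANA assignments.
"""

# port -> (service, transport class)
MAIL_PORTS = {
    25: ("smtp", "starttls"),        # MTA-to-MTA; protected only if STARTTLS is offered
    110: ("pop3", "cleartext"),
    143: ("imap", "cleartext"),
    465: ("smtps", "tls"),
    587: ("submission", "starttls"),
    993: ("imaps", "tls"),
    995: ("pop3s", "tls"),
}

# Constructed: the post's dovecot lines before the change, plus its sendmail line.
BEFORE = """\
tcp 0 0 :::993 :::* LISTEN 3993/dovecot
tcp 0 0 :::995 :::* LISTEN 3993/dovecot
tcp 0 0 :::110 :::* LISTEN 3993/dovecot
tcp 0 0 :::143 :::* LISTEN 3993/dovecot
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29739/sendmail: acc
"""

# Constructed: the same host after dovecot was restricted to pop3s.
AFTER = """\
tcp 0 0 :::995 :::* LISTEN 4026/dovecot
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29739/sendmail: acc
"""


def parse_listeners(text):
    """Return (proto, bind_addr, port, pid, program) for each LISTEN line."""
    listeners = []
    for line in text.splitlines():
        f = line.split()
        # netstat -tupln columns: proto recv-q send-q local foreign state pid/prog
        if len(f) < 7 or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")     # handles both 0.0.0.0:25 and :::995
        pid, _, prog = f[6].partition("/")
        listeners.append((f[0], addr, int(port), int(pid), prog.rstrip(":")))
    return listeners


def audit(text):
    """One finding per mail-service listener, with its transport class."""
    findings = []
    for proto, addr, port, pid, prog in parse_listeners(text):
        if port in MAIL_PORTS:
            service, transport = MAIL_PORTS[port]
            findings.append({"port": port, "service": service, "program": prog,
                             "pid": pid, "bind": addr, "transport": transport})
    return findings


def cleartext_ports(text):
    """Ports that carry credentials and mail in the clear; these should be closed."""
    return sorted(f["port"] for f in audit(text) if f["transport"] == "cleartext")


def starttls_ports(text):
    """Ports whose protection depends on STARTTLS; verify it is advertised via EHLO."""
    return sorted(f["port"] for f in audit(text) if f["transport"] == "starttls")


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, "cleartext:", cleartext_ports(text),
              "starttls-dependent:", starttls_ports(text))
```

Port 25 is deliberately not reported as cleartext: other MTAs must be able to reach it, so it stays open, and whether it is protected depends on the STARTTLS offered in the EHLO reply rather than on anything netstat can show. The same packet capture approach used above (tshark on port 995) is the way to confirm that what remains is actually encrypted.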
[root@mail certs]# tshark -ni eth0 -R "tcp.dstport eq 995 or tcp.srcport eq 995"