邮件,apache
###远程登陆邮件的限制
1.限制登陆主机
[root@mailwestos ~]# cd /etc/postfix/
[root@mailwestos postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[root@mailwestos postfix]# vim access
[root@mailwestos postfix]# postmap access
[root@mailwestos postfix]# ls
access canonical header_checks master.cf transport
access.db generic main.cf relocated virtual
[root@mailwestos postfix]# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
[root@mailwestos postfix]# vim main.cf
[root@mailwestos postfix]# systemctl restart postfix.service
[root@linux ~]# telnet 172.25.254.16 25
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is ‘^]‘.
220 maillinux.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:root@linux.com
554 5.7.1 <unknown[172.25.254.116]>: Client host rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
2.限制发送
[root@mailwestos postfix]# vim sender
[root@mailwestos postfix]# postmap sender
[root@mailwestos postfix]# ls
access canonical header_checks master.cf sender transport
access.db generic main.cf relocated sender.db virtual
[root@mailwestos postfix]# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
[root@mailwestos postfix]# vim main.cf
[root@mailwestos postfix]# systemctl restart postfix.service
[root@foundation50 Desktop]# telnet 172.25.254.16 25
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is ‘^]‘.
220 maillinux.westos.com ESMTP Postfix
mail from:student@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
554 5.7.1 <student@westos.com>: Sender address rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
3.限制接收者
[root@mailwestos postfix]# vim recip
student@linux.com REJECT
[root@mailwestos postfix]# postmap recip
[root@mailwestos postfix]# ls
access canonical header_checks master.cf recip.db sender transport
access.db generic main.cf recip relocated sender.db virtual
[root@mailwestos postfix]# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip" ##此设置会覆盖该参数原有的值;Postfix 2.10 之前防中继依赖这里的 reject_unauth_destination,覆盖时需一并保留
[root@mailwestos postfix]# systemctl restart postfix.service
[root@maillinux ~]# telnet 172.25.254.16 25
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is ‘^]‘.
220 maillinux.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:student@linux.com
554 5.7.1 <student@linux.com>: Recipient address rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
[root@mailwestos postfix]# vim main.cf
删除限制设定
[root@mailwestos postfix]# systemctl restart postfix.service
#####邮件的接收
[root@mailwestos ~]# yum install dovecot -y ##安装邮件接收软件
[root@mailwestos ~]# cd /etc/dovecot
[root@mailwestos dovecot]# vim dovecot.conf
[root@mailwestos dovecot]# cd conf.d/
[root@mailwestos conf.d]# ls
10-auth.conf 20-imap.conf auth-dict.conf.ext
10-director.conf 20-lmtp.conf auth-ldap.conf.ext
10-logging.conf 20-pop3.conf auth-master.conf.ext
10-mail.conf 90-acl.conf auth-passwdfile.conf.ext
10-master.conf 90-plugin.conf auth-sql.conf.ext
10-ssl.conf 90-quota.conf auth-static.conf.ext
15-lda.conf auth-checkpassword.conf.ext auth-system.conf.ext
15-mailboxes.conf auth-deny.conf.ext auth-vpopmail.conf.ext
[root@mailwestos conf.d]# vim 10-mail.conf
[root@mailwestos conf.d]# systemctl start dovecot
[root@mailwestos conf.d]# systemctl enable dovecot
[root@foundation50 Desktop]# yum install mutt -y ###安装邮件管理软件
[root@foundation50 Desktop]# mutt -f pop://root@172.25.254.16
[root@mailwestos conf.d]# cd /etc/skel/
[root@mailwestos skel]# mkdir mail/.imap/ -p
[root@mailwestos skel]# touch mail/.imap/INBOX ##用户创建会自动生成该文件
(下载雷鸟软件
[root@maillinux mnt]# tar -jxf thunderbird-45.5.1.tar.bz2
[root@maillinux mnt]# ls
thunderbird thunderbird-45.5.1.tar.bz2
[root@maillinux mnt]# ./thunderbird
(邮件帐号设定管理
####虚拟用户邮件服务
[root@mailwestos ~]# yum install mariadb-server httpd php php-mysql -y
(版本低于5.5,使用非图形方式创建邮件数据库信息,如下
[root@mailwestos conf.d]# mysql -upostfix -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement.
MariaDB [(none)]> SELECT * FROM email.vuser;
+------------------+----------+------------+-------------------+
| username | password | domain | maildir |
+------------------+----------+------------+-------------------+
| admin@westos.org | 123 | westos.org | westos.org/admin/ |
| lee@westos.org | 123 | westos.org | westos.org/lee/ |
+------------------+----------+------------+-------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]>
测试110端口(POP3 未加密,用户名和口令以明文传输,只适合实验环境内测试;对外提供服务应使用 995 端口的 POP3S 或 STLS)
[root@mailwestos ~]# telnet 172.25.254.16 110
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is ‘^]‘.
-ERR Disconnected: Auth process broken
Connection closed by foreign host. ###登陆失败
[root@mailwestos ~]# cat /var/log/maillog ###查看报错日志
Dec 8 21:00:44 mailwestos dovecot: auth: Fatal: sql /etc/dovecot/dovecot-sql.conf.ext: Can‘t open configuration file /etc/dovecot/dovecot-sql.conf.ext: No such file or directory ###没有安装dovecot-mysql软件
Dec 8 21:00:44 mailwestos dovecot: master: Error: service(auth): command startup failed, throttling for 4 secs
Dec 8 21:00:44 mailwestos dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=<>, rip=172.25.254.16, lip=172.25.254.16, secured, session=<lpEuHzBD0ACsGf4Q>
[root@mailwestos dovecot]# yum install dovecot-mysql -y ##安装dovecot-mysql软件
配置postfix
[root@mailwestos myadmin]# cd /etc/postfix/
[root@mailwestos postfix]# vim mysql-users.cf
[root@mailwestos postfix]# cp mysql-users.cf mysql-domain.cf
[root@mailwestos postfix]# cp mysql-users.cf mysql-maildir.cf
[root@mailwestos postfix]# vim mysql-domain.cf
[root@mailwestos postfix]# vim mysql-maildir.cf
[root@mailwestos postfix]# postmap -q "admin@westos.org" mysql:/etc/postfix/mysql-users.cf
[root@mailwestos postfix]# postmap -q "westos.org" mysql:/etc/postfix/mysql-domain.cf
[root@mailwestos postfix]# postmap -q "admin@westos.org" mysql:/etc/postfix/mysql-maildir.cf
(全部查询成功
[root@mailwestos postfix]# postconf -e "virtual_gid_maps = static:666"
[root@mailwestos postfix]# postconf -e "virtual_uid_maps = static:666"
[root@mailwestos postfix]# postconf -e "virtual_mailbox_base = /home/vmail"
[root@mailwestos postfix]# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf"
[root@mailwestos postfix]# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf"
[root@mailwestos postfix]# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf"
[root@mailwestos postfix]# systemctl restart postfix.service
[root@mailwestos home]# mail admin@westos.org ##测试虚拟用户
Subject: test
alsdkfj
.
EOT
[root@mailwestos home]# cd vmail/
[root@mailwestos vmail]# ls
westos.org
[root@mailwestos admin]# ls
cur new tmp
[root@mailwestos conf.d]# vim 10-mail.conf
(30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
:wq
[root@mailwestos conf.d]# vim 10-auth.conf
(123 !include auth-sql.conf.ext
:wq
[root@mailwestos conf.d]# vim auth-sql.conf.ext
8 # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
:q
[root@mailwestos conf.d]# cd /usr/share/doc/dovecot-2.2.10/example-config/
[root@mailwestos example-config]# cp -p dovecot-sql.conf.ext /etc/dovecot/
[root@mailwestos example-config]# cd /etc/dovecot/
[root@mailwestos dovecot]# ls
conf.d dovecot.conf dovecot-sql.conf.ext
[root@mailwestos dovecot]# vim dovecot-sql.conf.ext
(32 driver = mysql
71 connect = host=localhost dbname=email user=postfix password=postfix ##示例口令;该文件含数据库口令,应限制为仅 root 可读
78 default_pass_scheme = PLAIN ##明文,仅用于演示;实际部署应在库中存放加盐哈希(如 SHA512-CRYPT)并相应修改此项
107 password_query = \
108 SELECT username, domain, password \
109 FROM vuser WHERE username = '%u' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM vuser WHERE username = '%u'
:wq
[root@mailwestos dovecot]# systemctl restart dovecot.service
[root@mailwestos dovecot]# telnet 172.25.254.16 110
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is ‘^]‘.
+OK [XCLIENT] Dovecot ready.
user admin@westos.org
+OK
pass 123
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host. #######测试成功
[root@mailwestos thunderbird]# ./thunderbird ###使用雷鸟测试成功
####空壳邮件
[root@maillinux ~]# vim /etc/named.rfc1912.zones ##添加westos.org域名解析配置
37 zone "westos.org" IN {
38 type master;
39 file "westos.org.zone";
40 allow-update { none; };
41 };
42
:wq
[root@maillinux ~]# cd /var/named
[root@maillinux named]# cp -p westos.com.zone westos.org.zone
[root@maillinux named]# vim westos.org.zone ##编辑模板,添加westos.org解析信息
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.50.116
10 westos.org. MX 1 172.25.50.116.
:wq
[root@maillinux named]# dig -t mx westos.org
;westos.org. IN MX
westos.org. 86400 IN MX 1 172.25.50.116.
[root@maillinux named]# rm -fr /etc/postfix/main.cf
[root@maillinux named]# yum reinstall postfix -y
[root@maillinux named]# systemctl restart postfix.service
[root@maillinux named]# vim /etc/postfix/main.cf
75 myhostname = maillinux.linux.com
83 mydomain = linux.com
98 myorigin = westos.org
113 inet_interfaces = all
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disabled ##不允许本地投递
164 mydestination = ##不接收任何邮件
313 relayhost = 172.25.50.16 ##指定真实的邮件服务器IP地址(此机为空壳
:wq
[root@maillinux named]# systemctl restart postfix.service
[root@mailwestos ~]# vim /etc/postfix/main.cf
264 mynetworks = 172.25.50.0/24 ##该网段内的主机可经本机中继发信,范围应只覆盖可信主机,否则容易被当作开放中继
:wq
[root@mailwestos ~]# systemctl restart postfix.service
[root@mailwestos ~]# cd /home/vmail/
[root@mailwestos vmail]# ls
westos.org
[root@mailwestos vmail]# rm -fr *
[root@mailwestos vmail]# ls
[root@maillinux ~]# mail admin@westos.org
Subject: alsdgkhl;as
alsdgk
.
EOT
[root@maillinux named]# mailq
Mail queue is empty
[root@mailwestos vmail]# ls
westos.org
[root@mailwestos vmail]# cd westos.org/
[root@mailwestos westos.org]# ls
[root@mailwestos westos.org]# cd admin/
[root@mailwestos admin]# ls
cur new tmp
(邮件文件内容与邮件服务器分离
############################## Apache
[root@web ~]# yum search httpd
Loaded plugins: langpacks
============================== N/S matched: httpd ==============================
httpd.x86_64 : Apache HTTP Server
httpd-devel.x86_64 : Development interfaces for the Apache HTTP server
httpd-manual.noarch : Documentation for the Apache HTTP server
httpd-tools.x86_64 : Tools for use with the Apache HTTP Server
libmicrohttpd.i686 : Lightweight library for embedding a webserver in
: applications
libmicrohttpd.x86_64 : Lightweight library for embedding a webserver in
: applications
mod_auth_mellon.x86_64 : A SAML 2.0 authentication module for the Apache Httpd
: Server
mod_dav_svn.x86_64 : Apache httpd module for Subversion server
Name and summary matches only, use "search all" for everything.
[root@web ~]# yum install httpd -y
[root@web ~]# cd /var/www/html/
[root@web html]# ls
myadmin
[root@web html]# mv myadmin /mnt
[root@web html]# echo TEXT FOR VIEW > index.html
[root@web html]# echo THIS FILE is file1 > file1.html
[root@web html]# firefox
http://172.25.254.16
TEXT FOR VIEW #####默认发布目录/var/www/html/ 显示index.html 内容
[root@web1 html]# vim /etc/httpd/conf/httpd.conf
164 DirectoryIndex file1.html index.html ###httpd.conf 中 DirectoryIndex 决定默认首页文件的查找顺序,排在前面的优先
[root@web1 html]# systemctl reload httpd
[root@web html]# firefox
http://172.25.254.16
THIS FILE is file1
[root@web conf]# yum install httpd-manual -y ##安装手册
[root@web conf]# cd /var/www/html/
[root@web html]# ls
file1.html index.html
[root@web html]# ls -Zd .
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
[root@web html]# mkdir /www/westos -p
[root@web html]# semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?' #添加安全标签规则;规则写入后还需执行 restorecon(如 restorecon -Rv /www)才会给已有文件重打标签,下面两行应为其输出
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
[root@web westos]# echo This page is used to show viewed chaged dir > index.html
[root@web westos]# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
[root@web westos]# vim /etc/httpd/conf/httpd.conf
(119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 require all granted
123 </Directory>
[root@web westos]# systemctl restart httpd.service
[root@web westos]# firefox
http://172.25.254.16
This page is used to show viewed chaged dir
[root@web westos]# vim /etc/httpd/conf/httpd.conf
在122行可编辑黑白名单,Allow,Deny先后顺序
121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny
124 Allow from all
125 Deny from 172.25.254.116
126 </Directory>
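上面的配置限制 116 登陆;改变 Allow、Deny 的顺序,可改为只允许 116 登陆。(Order/Allow/Deny 是 mod_access_compat 提供的 2.2 旧语法,在 Apache 2.4 中不宜与 Require 混用;2.4 的等价写法是在 <RequireAll> 中同时写 Require all granted 和 Require not ip 172.25.254.116)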
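#设定密码访问(Basic 认证的口令只做 base64 编码,等同明文传输,应配合 HTTPS 使用;htpasswd -m 生成的是 MD5(apr1) 哈希,较新版本的 htpasswd 可用 -B 改用 bcrypt)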
[root@web westos]# cd /etc/httpd/
[root@web httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@web httpd]# htpasswd -cm htpasswdfile admin
New password:
Re-type new password:
Adding password for user admin
[root@web httpd]# htpasswd -m htpasswdfile westos
New password:
Re-type new password:
Adding password for user westos
[root@web httpd]# cat htpasswdfile
admin:$apr1$WbKugIGj$2HGUWRwGSXS41wsCTbvod/
westos:$apr1$cgzYLUVZ$zSkX6bfpFZkDQxrONSofc/
[root@web httpd]# vim /etc/httpd/conf/httpd.conf
121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require user admin
127 </Directory>
[root@web httpd]# systemctl reload httpd
http://172.25.254.115
music.westos.com; news.westos.com
[root@web httpd]# vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/westos"
[root@web httpd]# systemctl reload httpd
[root@web httpd]# cd /var/www/html/
[root@web html]# ls
[root@web html]# vim index.html
1 www.westos.com
[root@web html]# vim /etc/hosts
172.25.254.16 www.westos.com westos.com music.westos.com news.westos.com
[root@web html]# mkdir /var/www/virtual/music.westos.com/html -p
[root@web html]# mkdir /var/www/virtual/news.westos.com/html -p
[root@web ~]# cd /var/www/virtual/music.westos.com/html
[root@web html]# vim index.html
1 music.westos.com
[root@web html]# cd /var/www/virtual/news.westos.com/html
[root@web html]# vim index.html
1 news.westos.com
[root@web html]# cd /etc/httpd/conf.d/
[root@web conf.d]# ls
autoindex.conf manual.conf README userdir.conf welcome.conf
[root@web conf.d]# vim default.conf
1 <Virtualhost _default_:80>
2 Documentroot /var/www/html
3 Customlog "logs/default.log" combined ##combined 是日志格式名,记录较完整的请求信息(含 Referer 和 User-Agent)
4 </Virtualhost>
5 <Directory "/var/www/html">
6 Require all granted
7 </Directory>
[root@web conf.d]# cp default.conf music.conf
[root@web conf.d]# vim music.conf
1 <Virtualhost *:80>
2 Servername music.westos.com
3 Documentroot /var/www/virtual/music.westos.com/html
4 Customlog "logs/music.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/music.westos.com/html">
7 Require all granted
8 </Directory>
[root@web conf.d]# cp music.conf news.conf
[root@web conf.d]# vim news.conf
1 <Virtualhost *:80>
2 Servername news.westos.com
3 Documentroot /var/www/virtual/news.westos.com/html
4 Customlog "logs/news.log" combined
5 </Virtualhost>
6 <Directory "/var/www/virtual/news.westos.com/html">
7 Require all granted
8 </Directory>
[root@web conf.d]# systemctl restart httpd
[root@web conf.d]# firefox
www.westos.com
news.westos.com
music.westos.com
显示成功
####证书
[root@web1 conf.d]# yum install mod_ssl -y
[root@foundation15 conf.d]# yum install crypto-utils -y
[root@web1 conf.d]# genkey www.westos.com ###为该站点生成私钥和证书(下面的输出显示密钥为 1024 位、有效期 1 个月;1024 位强度已不足,实际使用应选 2048 位以上)
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.8103 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command: makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi‘an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.8103
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
[root@web1 ~]# ls /etc/pki/tls/certs
ca-bundle.crt localhost.crt Makefile www.westos.com.crt
ca-bundle.trust.crt make-dummy-cert renew-dummy-cert
[root@web1 conf.d]# vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
https://172.25.254.16
在浏览器地址栏左上角可安装并查看证书;ctrl+shift+delete 可删除缓存,Preferences-Advanced-SecurityDevices-server 可删除证书