邮件,apache
###远程登陆邮件的限制
1.限制登陆主机
# cd /etc/postfix/
# ls
access generic main.cf relocatedvirtual
canonicalheader_checksmaster.cftransport
# vim access
# postmap access
# ls
access canonicalheader_checksmaster.cftransport
access.dbgeneric main.cf relocatedvirtual
# postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
# vim main.cf
# systemctl restart postfix.service
# telnet 172.25.254.16 25
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is '^]'.
220 maillinux.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:root@linux.com
554 5.7.1 : Client host rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
2.限制发送
# vim sender
# postmap sender
# ls
access canonicalheader_checksmaster.cfsender transport
access.dbgeneric main.cf relocatedsender.dbvirtual
# postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
# vim main.cf
# systemctl restart postfix.service
# telnet 172.25.254.16 25
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is '^]'.
220 maillinux.westos.com ESMTP Postfix
mail from:student@westos.com
250 2.1.0 Ok
rcpt to:root@westos.com
554 5.7.1 : Sender address rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
3.限制接收者
# vim recip
student@linux.com REJECT
root@mailwestos postfix]# postmap recip
# ls
access canonicalheader_checksmaster.cfrecip.db sender transport
access.dbgeneric main.cf recip relocatedsender.dbvirtual
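# postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
(该命令会覆盖整个 smtpd_recipient_restrictions;Postfix 2.10 之前防止开放中继的 reject_unauth_destination 也写在这一项里,覆盖时需要保留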
# systemctl restart postfix.service
root@maillinux ~]# telnet 172.25.254.16 25
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is '^]'.
220 maillinux.westos.com ESMTP Postfix
mail from:root@westos.com
250 2.1.0 Ok
rcpt to:student@linux.com
554 5.7.1 : Recipient address rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
# vim main.cf
删除限制设定
# systemctl restart postfix.service
#####邮件的接收
# yum install dovecot -y ##安装邮件接收软件
# cd /etc/dovecot
# vim dovecot.conf
# cd conf.d/
# ls
10-auth.conf 20-imap.conf auth-dict.conf.ext
10-director.conf 20-lmtp.conf auth-ldap.conf.ext
10-logging.conf 20-pop3.conf auth-master.conf.ext
10-mail.conf 90-acl.conf auth-passwdfile.conf.ext
10-master.conf 90-plugin.conf auth-sql.conf.ext
10-ssl.conf 90-quota.conf auth-static.conf.ext
15-lda.conf auth-checkpassword.conf.extauth-system.conf.ext
15-mailboxes.confauth-deny.conf.ext auth-vpopmail.conf.ext
# vim 10-mail.conf
# systemctl start dovecot
# systemctl enable dovecot
# yum install mutt -y ###安装邮件管理软件
root@foundation50 Desktop]# mutt -f pop://root@172.25.254.16
# cd /etc/skel/
# mkdir mail/.imap/ -p
# touch mail/.imap/INBOX ##用户创建会自动生成该文件
(下载雷鸟软件
# tar -jxf thunderbird-45.5.1.tar.bz2
# ls
thunderbirdthunderbird-45.5.1.tar.bz2
# ./thunderbird
(邮件帐号设定管理
####虚拟用户邮件服务
# yum install mariadb-server httpd php php-mysql -y
(版本低于5.5,使用非图形方式创建邮件数据库信息,如下
# mysql -upostfix -p
Enter password:
Welcome to the MariaDB monitor.Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.41-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SELECT * FROM email.vuser;
+------------------+----------+------------+-------------------+
| username | password | domain | maildir |
+------------------+----------+------------+-------------------+
| admin@westos.org | 123 | westos.org | westos.org/admin/ |
| lee@westos.org | 123 | westos.org | westos.org/lee/ |
+------------------+----------+------------+-------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]>
测试110端口(POP3 明文端口,USER/PASS 不加密传输;对外提供服务应使用 995 端口的 TLS)
# telnet 172.25.254.16 110
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is '^]'.
-ERR Disconnected: Auth process broken
Connection closed by foreign host. ###登陆失败
# cat /var/log/maillog ###查看报错日志
Dec8 21:00:44 mailwestos dovecot: auth: Fatal: sql /etc/dovecot/dovecot-sql.conf.ext: Can't open configuration file /etc/dovecot/dovecot-sql.conf.ext: No such file or directory ###auth 进程找不到 dovecot-sql.conf.ext;需安装 dovecot-mysql,并在后文把该配置文件复制到 /etc/dovecot/
Dec8 21:00:44 mailwestos dovecot: master: Error: service(auth): command startup failed, throttling for 4 secs
Dec8 21:00:44 mailwestos dovecot: pop3-login: Disconnected: Auth process broken (disconnected before auth was ready, waited 0 secs): user=, rip=172.25.254.16, lip=172.25.254.16, secured, session=
# yum install dovecot-mysql -y ##安装dovecot-mysql软件
配置postfix
# cd /etc/postfix/
# vim mysql-users.cf
root@mailwestos postfix]# cp mysql-users.cf mysql-domain.cf
# cp mysql-users.cf mysql-maildir.cf
# vim mysql-domain.cf
# vim mysql-maildir.cf
# postmap -q "admin@westos.org" mysql:/etc/postfix/mysql-users.cf
# postmap -q "westos.org" mysql:/etc/postfix/mysql-domain.cf
# postmap -q "admin@westos.org" mysql:/etc/postfix/mysql-maildir.cf
(全部查询成功
# postconf -e "virtual_gid_maps = static:666"
# postconf -e "virtual_uid_maps = static:666"
# postconf -e "virtual_mailbox_base = /home/vmail"
# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf"
# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf"
# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf"
# systemctl restart postfix.service
# mail admin@westos.org ##测试虚拟用户
Subject: test
alsdkfj
.
EOT
# cd vmail/
# ls
westos.org
# ls
curnewtmp
# vim 10-mail.conf
(30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
:wq
# vim 10-auth.conf
(123 !include auth-sql.conf.ext
:wq
# vim auth-sql.conf.ext
8 # Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
:q
# cd /usr/share/doc/dovecot-2.2.10/example-config/
# cp -p dovecot-sql.conf.ext /etc/dovecot/
# cd /etc/dovecot/
# ls
conf.ddovecot.confdovecot-sql.conf.ext
# vim dovecot-sql.conf.ext
(32 driver = mysql
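71 connect = host=localhost dbname=email user=postfix password=postfix ##含数据库口令,该文件应属 root 且仅 root 可读(chmod 600)
78 default_pass_scheme = PLAIN ##明文:vuser 表中的口令未做哈希,仅适合实验;正式环境改用哈希方案(如 SHA512-CRYPT,可用 doveadm pw 生成)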
107 password_query = \
108 SELECT username, domain, password \
109 FROM vuser WHERE username = '%u' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM vuser WHERE username = '%u'
:wq
# systemctl restart dovecot.service
# telnet 172.25.254.16 110
Trying 172.25.254.16...
Connected to 172.25.254.16.
Escape character is '^]'.
+OK Dovecot ready.
user admin@westos.org
+OK
pass 123
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host. #######测试成功
# ./thunderbird ###使用雷鸟测试成功
####空壳邮件
# vim /etc/named.rfc1912.zones ##添加westos.org域名解析配置
37 zone "westos.org" IN {
38 type master;
39 file "westos.org.zone";
40 allow-update { none; };
41 };
42
:wq
# cd /var/named
# cp -p westos.com.zone westos.org.zone
# vim westos.org.zone ##编辑模板,添加westos.org解析信息
1 $TTL 1D
2 @ IN SOA dns.westos.org. root.westos.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.westos.org.
9 dns A 172.25.50.116
10 westos.org. MX 1 172.25.50.116. ; 注:MX 记录的目标按规范应是有 A 记录的主机名(如本区的 dns.westos.org.),而不是 IP 地址
:wq
# dig -t mx westos.org
;westos.org. IN MX
westos.org. 86400 IN MX 1 172.25.50.116.
# rm -fr /etc/postfix/main.cf
# yum reinstall postfix -y
# systemctl restart postfix.service
# vim /etc/postfix/main.cf
75 myhostname = maillinux.linux.com
83 mydomain = linux.com
98 myorigin = westos.org
113 inet_interfaces = all
116 #inet_interfaces = localhost
140 local_transport = error:local delivery disabled ##不允许本地投递
164 mydestination = ##不接收任何邮件
313 relayhost = 172.25.50.16 ##指定真实的邮件服务器IP地址(此机为空壳
:wq
# systemctl restart postfix.service
# vim /etc/postfix/main.cf
264 mynetworks = 172.25.50.0/24 ##该网段内的主机被视为可信客户端,可经本机中继发信,范围应尽量小
:wq
# systemctl restart postfix.service
# cd /home/vmail/
# ls
westos.org
# rm -fr *
# ls
# mail admin@westos.org
Subject: alsdgkhl;as
alsdgk
.
EOT
# mailq
Mail queue is empty
# ls
westos.org
# cd westos.org/
# ls
# cd admin/
# ls
curnewtmp
(邮件文件内容与邮件服务器分离
##############################Apache
# yum search httpd
Loaded plugins: langpacks
============================== N/S matched: httpd ==============================
httpd.x86_64 : Apache HTTP Server
httpd-devel.x86_64 : Development interfaces for the Apache HTTP server
httpd-manual.noarch : Documentation for the Apache HTTP server
httpd-tools.x86_64 : Tools for use with the Apache HTTP Server
libmicrohttpd.i686 : Lightweight library for embedding a webserver in
: applications
libmicrohttpd.x86_64 : Lightweight library for embedding a webserver in
: applications
mod_auth_mellon.x86_64 : A SAML 2.0 authentication module for the Apache Httpd
: Server
mod_dav_svn.x86_64 : Apache httpd module for Subversion server
Name and summary matches only, use "search all" for everything.
# yum install httpd -y
# cd /var/www/html/
# ls
myadmin
# mv myadmin /mnt
# echo TEXT FOR VIEW > index.html
# echo THIS FILE is file1 > file1.html
# firefox
http://172.25.254.16
TEXT FOR VIEW #####默认发布目录/var/www/html/ 显示index.html 内容
# vim /etc/httpd/conf/httpd.conf
164 DirectoryIndex file1.html index.html ###httpd.conf 中 DirectoryIndex 指定默认首页文件的查找顺序,排在前面的优先
# systemctl reload httpd
# firefox
http://172.25.254.16
THIS FILE is file1
# yum install httpd-manual -y ##安装手册
# cd /var/www/html/
# ls
file1.htmlindex.html
# ls -Zd .
drwxr-xr-x. root root system_u:object_r:httpd_sys_content_t:s0 .
# mkdir /www/westos -p
# semanage fcontext -a -t httpd_sys_content_t '/www/westos(/.*)?' #添加安全标签
# restorecon -RvvF /www/ #原文漏了这条命令,按下面的输出补回;semanage 只登记规则,需 restorecon 才会把标签应用到文件
restorecon reset /www context unconfined_u:object_r:default_t:s0->system_u:object_r:default_t:s0
restorecon reset /www/westos context unconfined_u:object_r:default_t:s0->system_u:object_r:httpd_sys_content_t:s0
# echo This page is used to show viewed chaged dir > index.html
# ls -Z
-rw-r--r--. root root unconfined_u:object_r:httpd_sys_content_t:s0 index.html
# vim /etc/httpd/conf/httpd.conf
(119 #DocumentRoot "/var/www/html"
120 DocumentRoot "/www/westos"
121 <Directory "/www/westos">
122 require all granted
123 </Directory>
(121、123 行的 Directory 标签在原文中丢失,按上下文补回
# systemctl restart httpd.service
# firefox
http://172.25.254.16
This page is used to show viewed chaged dir
# vim /etc/httpd/conf/httpd.conf
在122行可编辑黑白名单,Allow,Deny先后顺序
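121 <Directory "/www/westos">
122 Require all granted
123 Order Allow,Deny
124 Allow from all
125 Deny from 172.25.254.116
126 </Directory>
(121、126 行的 Directory 标签在原文中丢失,按上下文补回
以上配置拒绝 172.25.254.116 访问:Order Allow,Deny 先处理 Allow 再处理 Deny,同时匹配时以 Deny 为准。若只允许 116 访问,改为 Order Deny,Allow,并写 Deny from all、Allow from 172.25.254.116。
(Order/Allow/Deny 是 2.2 的旧语法,2.4 由 mod_access_compat 兼容;2.4 的写法是在 <RequireAll> 中用 Require all granted 加 Require not ip 172.25.254.116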
#设定密码访问
# cd /etc/httpd/
# ls
confconf.dconf.modules.dlogsmodulesrun
# htpasswd -cm htpasswdfile admin ##-c 新建文件(已存在则覆盖,所以添加第二个用户时不能再加 -c);-m 为 apr1 MD5,httpd 2.4 可用 -B 改用 bcrypt
New password:
Re-type new password:
Adding password for user admin
# htpasswd -m htpasswdfile westos
New password:
Re-type new password:
Adding password for user westos
# cat htpasswdfile
admin:$apr1$WbKugIGj$2HGUWRwGSXS41wsCTbvod/
westos:$apr1$cgzYLUVZ$zSkX6bfpFZkDQxrONSofc/
# vim /etc/httpd/conf/httpd.conf
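121 <Directory "/www/westos">
122 #Require all granted
123 Authuserfile /etc/httpd/htpasswdfile
124 Authname "Please input username and password"
125 Authtype basic
126 Require user admin
127 </Directory>
(121、127 行的 Directory 标签在原文中丢失,按上下文补回
(Require user admin 只放行 admin,westos 用户虽在口令文件中也无法访问;要放行文件中所有用户用 Require valid-user
(Basic 认证的用户名和口令只做 base64 编码,应配合后文的 https 使用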
# systemctl reload httpd
http://172.25.254.115
music.westos.com; news.westos.com
# vim /etc/httpd/conf/httpd.conf
119 DocumentRoot "/var/www/html"
120 #DocumentRoot "/www/westos"
# systemctl reload httpd
# cd /var/www/html/
# ls
# vim index.html
1 www.westos.com
# vim /etc/hosts
172.25.254.16 www.westos.com westos.com music.westos.com news.westos.com
# mkdir /var/www/virtual/music.westos.com/html -p
# mkdir /var/www/virtual/news.westos.com/html -p
# cd /var/www/virtual/music.westos.com/html
# vim index.html
1 music.westos.com
# cd /var/www/virtual/news.westos.com/html
# vim index.html
1 news.westos.com
# cd /etc/httpd/conf.d/
# ls
autoindex.confmanual.confREADMEuserdir.confwelcome.conf
# vim default.conf
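1 <VirtualHost _default_:80>
2 Documentroot /var/www/html
3 Customlog "logs/default.log" combined ##combined 是日志格式名(在普通格式基础上多记录 Referer 和 User-Agent),不是日志级别
4 </VirtualHost>
5 <Directory "/var/www/html">
6 Require all granted
7 </Directory>
(1、4、5、7 行的标签在原文中丢失,按上下文补回;VirtualHost 的监听地址原文不可见,_default_:80 为按惯例补写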
# cp default.conf music.conf
# vim music.conf
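1 <VirtualHost *:80>
2 Servername music.westos.com
3 Documentroot /var/www/virtual/music.westos.com/html
4 Customlog "logs/music.log" combined
5 </VirtualHost>
6 <Directory "/var/www/virtual/music.westos.com/html">
7 Require all granted
8 </Directory>
(1、5、6、8 行的标签在原文中丢失,按上下文补回;VirtualHost 的监听地址原文不可见,*:80 为按惯例补写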
# cp music.conf news.conf
# vim news.conf
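1 <VirtualHost *:80>
2 Servername news.westos.com
3 Documentroot /var/www/virtual/news.westos.com/html
4 Customlog "logs/news.log" combined
5 </VirtualHost>
6 <Directory "/var/www/virtual/news.westos.com/html">
7 Require all granted
8 </Directory>
(1、5、6、8 行的标签在原文中丢失,按上下文补回;VirtualHost 的监听地址原文不可见,*:80 为按惯例补写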
# systemctl restart httpd
# firefox
www.westos.com
news.westos.com
music.westos.com
显示成功
####证书
# yum install mod_ssl -y
# yum install crypto-utils -y
# genkey www.westos.com ###为 www.westos.com 生成私钥和自签名证书(下方输出显示密钥长度 1024 位、有效期 1 个月;1024 位 RSA 强度已不足,正式环境至少 2048 位)
/usr/bin/keyutil -c makecert -g 1024 -s "CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN" -v 1 -a -z /etc/pki/tls/.rand.8103 -o /etc/pki/tls/certs/www.westos.com.crt -k /etc/pki/tls/private/www.westos.com.key
cmdstr: makecert
cmd_CreateNewCert
command:makecert
keysize = 1024 bits
subject = CN=www.westos.com, OU=linux, O=westos, L=xi'an, ST=shannxi, C=CN
valid for 1 months
random seed from /etc/pki/tls/.rand.8103
output will be written to /etc/pki/tls/certs/www.westos.com.crt
output key written to /etc/pki/tls/private/www.westos.com.key
Generating key. This may take a few moments...
Made a key
Opened tmprequest for writing
/usr/bin/keyutil Copying the cert pointer
Created a certificate
Wrote 882 bytes of encoded data to /etc/pki/tls/private/www.westos.com.key
Wrote the key to:
/etc/pki/tls/private/www.westos.com.key
# ls /etc/pki/tls/certs
ca-bundle.crt localhost.crt Makefile www.westos.com.crt
ca-bundle.trust.crtmake-dummy-certrenew-dummy-cert
# vim ssl.conf
100 SSLCertificateFile /etc/pki/tls/certs/www.westos.com.crt
107 SSLCertificateKeyFile /etc/pki/tls/private/www.westos.com.key
https://172.25.254.16
左上角安装查看证书,ctrl+shift+delete可删除缓存,Preferences-Advanced-SecurityDevices-server可删除证书