• unbound和mail服务的部署和简单应用


    1、服务的介绍
    Unbound是一个缓存DNS解析器。unbound官网

           它使用根区域的内置权威名称服务器列表
           (。),所谓的根提示。在收到DNS查询时,它会询问
           答案的根名称服务器,几乎在所有情况下都会收到
           授权给顶级域名(TLD)权威名称服务器。它
           然后会询问名称服务器的答案。它将以递归方式进行
           直到找到答案或没有答案(NXDOMAIN)。
           出于性能和效率的原因,答案被缓存为cer-
           时间(答案的生存时间或TTL)。第二个查询
           然后将从缓存中回答相同的名称。不受约束也可以
           DNSSEC验证。
            相传他的开发者是一位牙医,不知是否为真。
    

    postfix这是Wietse Venema开发的邮件服务器

    postfix是Wietse Venema想要为使用最广泛的提供替代品的一个尝试。在Internet世界中,大部分的电子邮件都是通过sendmail来投递的,大约有100万用户使用sendmail,每天投递上亿封邮件。这真是一个让人吃惊的数字。Postfix试图更快、更容易管理、更安全,同时还与sendmail保持足够的兼容性。
    来自百度文献
    

    2、环境介绍

    server端:
    [root@100 ~]# cat /etc/redhat-release 
    Red Hat Enterprise Linux Server release 7.1 (Maipo)
    [root@100 ~]# hostname
    100.hzy.com
    [root@100 ~]# ip a |grep inet
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
        inet 192.168.137.100/24 brd 192.168.137.255 scope global eno16777736
        inet6 fe80::20c:29ff:feac:5681/64 scope link 
    client端:
    [root@200 ~]# cat /etc/redhat-release 
    Red Hat Enterprise Linux Server release 7.1 (Maipo)
    [root@200 ~]# hostname
    200.hzy.com
    [root@200 ~]# ip a |grep inet
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host 
        inet 192.168.137.200/24 brd 192.168.137.255 scope global eno16777736
        inet6 fe80::20c:29ff:febb:c0b0/64 scope link 
    

    3、安装和部署unbound服务

    安装
    yum install -y unbound
    [root@100 ~]# rpm -ql unbound |grep etc
    /etc/sysconfig/unbound
    /etc/tmpfiles.d/unbound.conf
    /etc/unbound/conf.d
    /etc/unbound/conf.d/example.com.conf
    /etc/unbound/keys.d
    /etc/unbound/keys.d/example.com.key
    /etc/unbound/local.d
    /etc/unbound/local.d/block-example.com.conf
    /etc/unbound/unbound.conf 
    
    找到unbound.conf修改其配置
    server:
    	verbosity: 1
    	statistics-interval: 0
    	statistics-cumulative: no
    	extended-statistics: yes
    	
    	num-threads: 2 #线程数
    	interface: 0.0.0.0 #可以是本地个任意端口ip
    	interface-automatic: no #自动选择端口
    	port: 53 #端口53相应数据包
    
    	access-control: 0.0.0.0/0 allow #相应来自所有网段的数据包
    	chroot: "" #虚拟目录
    
    	username: "unbound" #指定的系统用户安装默认创建
    
    	directory: "/etc/unbound" #配置文件所在的目录
    
    	log-time-ascii: yes #日志的同步时间戳
    
    	pidfile: "/var/run/unbound/unbound.pid" #这个服务的系统pid值
    
    	harden-glue: yes   #
    
    	harden-dnssec-stripped: yes
    
    	harden-below-nxdomain: yes
    
    	harden-referral-path: yes
    
    	use-caps-for-id: no
    
    	unwanted-reply-threshold: 10000000
    
    	prefetch: yes
    
    	prefetch-key: yes
    
    	rrset-roundrobin: yes
    	minimal-responses: yes
    
    	dlv-anchor-file: "/etc/unbound/dlv.isc.org.key"
    
    	trusted-keys-file: /etc/unbound/keys.d/*.key
    	auto-trust-anchor-file: "/var/lib/unbound/root.key"
    
    	val-clean-additional: yes
    
    	val-permissive-mode: no
    
    	val-log-level: 1
    
    
    	include: /etc/unbound/local.d/*.conf #读取的解析文件路径
    
    remote-control: #dns的控制设置
    	control-enable: yes
    
    	server-key-file: "/etc/unbound/unbound_server.key"
    
    	server-cert-file: "/etc/unbound/unbound_server.pem"
    
    	control-key-file: "/etc/unbound/unbound_control.key"
    
    	control-cert-file: "/etc/unbound/unbound_control.pem"
    
    # Stub and Forward zones
    
    include: /etc/unbound/conf.d/*.conf
    
    他的解析文件在 include: /etc/unbound/local.d/*.conf
    [root@100 ~]# cat /etc/unbound/local.d/aa.conf 
    local-zone: "hzy.com." static  #设置静态的域
    ##这一行是dns的默认参数设置可以不写
    local-data: "hzy.com. NS 100.hzy.com." #指定这个域里的dns服务器
    local-data: "hzy.com. MX 5 100.hzy.com." #指定这个域里的mail服务器
    local-data: "mail.hzy.com. IN A 192.168.137.100"
    local-data: "200.hzy.com. IN A 192.168.137.200"  
    local-data: "www.hzy.com. IN A 192.168.137.200"
    local-data: "ftp.hzy.com. IN A 192.168.137.200"
    local-data-ptr: "192.168.137.200 200.hzy.com"
    local-data-ptr: "192.168.137.200 www.hzy.com"
    
    [root@100 ~]# firewall-cmd --add-port=53/tcp --permanent
    [root@100 ~]# firewall-cmd --reload 
    
    测试
    [root@200 ~]# nslookup mail.hzy.com
    Server:		192.168.137.100
    Address:	192.168.137.100#53
    
    Name:	mail.hzy.com
    Address: 192.168.137.100
    
    [root@200 ~]# nslookup www.hzy.com
    Server:		192.168.137.100
    Address:	192.168.137.100#53
    
    Name:	www.hzy.com
    Address: 192.168.137.200
    

    4、配置postfix服务并使用dovecot收件服务测试

    安装
    [root@100 ~]# yum install -y dovecot postfix
    ##在redhat系统中默认postfix是安装的
    编辑/etc/postfix/main.cf
    [root@100 ~]# grep -v "#" /etc/postfix/main.cf |grep -v "^$"
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    myhostname = 100.hzy.com
    mydomain = hzy.com
    myorigin = hzy.com
    inet_interfaces = all
    inet_protocols = all
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    unknown_local_recipient_reject_code = 550
    mynetworks = 0.0.0.0/0
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    home_mailbox = Maildir/
    smtpd_banner = $myhostname ESMTP $mail_name
    debug_peer_level = 2
    debugger_command =
    	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    	 ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.10.1/samples
    readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
    message_size_limit = 10485760 
    mailbox_size_limit = 1073741824 
    smtpd_sasl_type = dovecot 
    smtpd_sasl_path = private/auth 
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous 
    smtpd_sasl_local_domain = $myhostname 
    smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject 
    参数
    
    作用
    
    myhostname
    
    邮局系统的主机名
    
    mydomain
    
    邮局系统的域名
    
    myorigin
    
    从本机发出邮件的域名名称
    
    inet_interfaces
    
    监听的网卡接口
    
    mydestination
    
    可接收邮件的主机名或域名
    
    mynetworks
    
    设置可转发哪些主机的邮件
    
    relay_domains
    
    设置可转发哪些网域的邮件
    具体参数设置参考的是# [centos7搭建postfix邮件服务器](https://www.cnblogs.com/operationhome/p/9056870.html)
    
    编辑/etc/dovecot/dovecot.conf
    将监听的类型改成*
    [root@100 ~]# grep -v '#' /etc/dovecot/dovecot.conf |grep -v "^$"
    listen = *
    dict {
    }
    !include conf.d/*.conf
    !include_try local.conf
    
    编辑/etc/dovecot/conf.d/10-auth.conf
    [root@100 ~]# grep -v '#' /etc/dovecot/conf.d/10-auth.conf |grep -v "^$"
    disable_plaintext_auth = no ##开启明码文本认证
    auth_mechanisms = plain login 
    !include auth-system.conf.ext
    
    编辑/etc/dovecot/conf.d/10-mail.conf
    找到并修改mail_location = maildir:~/Maildir
    
    编辑/etc/dovecot/conf.d/10-master.conf
    89  # unix_listener auth-userdb {
     90     #mode = 0666
     91     #user = 
     92     #group = 
     93 #  }
     94 unix_listener /var/spool/postfix/private/auth {
     95 mode = 0666
     96 user = postfix
     97 group = postfix
     98 }
    
    编辑/etc/dovecot/conf.d/10-ssl.conf 
    因为没有设置ssl加密,所以ssl的值修改为 ssl = no
    [root@100 ~]# systemctl enable dovecot
    ln -s '/usr/lib/systemd/system/dovecot.service' '/etc/systemd/system/multi-user.target.wants/dovecot.service'
    [root@100 ~]# systemctl start dovecot.service 
    

    5、使用Foxmail测试

    使用系统用户:建议使用非登录系统用户
    [root@100 ~]# id bob
    uid=1001(bob) gid=1001(bob) 组=1001(bob)
    [root@100 ~]# id goudan
    uid=1002(goudan) gid=1002(goudan) 组=1002(goudan)
    

    image.png
    image.png

    image.png
    image.png

    简书链接
    ---END---

  • 相关阅读:
    Activiti 开发案例之动态指派任务
    SpringBoot开发案例之打造十万博文Web篇
    「玩转Python」打造十万博文爬虫篇
    SpringBoot开发案例Nacos配置管理中心
    「玩转Python」突破封锁继续爬取百万妹子图
    SpringBoot开发案例之分布式集群共享Session
    「玩转树莓派」树莓派 3B+ 配置无线WiFi
    「玩转树莓派」搭建智能家居远程监控系统
    「玩转树莓派」搭建属于自己的云盘服务
    「玩转树莓派」为女朋友打造一款智能语音闹钟
  • 原文地址:https://www.cnblogs.com/haozheyu/p/9920375.html
Copyright © 2020-2023  润新知