Postfix:修订间差异
第26行: | 第26行: | ||
=== Installation(安装) === | === Installation(安装) === | ||
In order to install Postfix with SMTP-AUTH and TLS do the following steps: <br>安装带SMTP- | In order to install Postfix with SMTP-AUTH and TLS do the following steps: <br>安装带SMTP-AUTHT和TLS的Postfix使用如下的命令: | ||
<pre><nowiki> | <pre><nowiki> |
2009年9月18日 (五) 15:51的版本
Postfix 快速指南
原文出处:官方wiki
原文作者:
授权许可:
翻译人员:speme
校正人员:
贡献人员:
适用版本: 文章状态:等待校正
Introduction(介绍)
Postfix is a Mail Transfer Agent
(MTA) which is the default MTA for Ubuntu. It is in Ubuntu's main repository, which means that it receives security updates. This guide explains how to install and configure postfix and set it up as an SMTP server using a secure connection.
Postfix是一个邮件传输客户端
(MTA),它也是ubuntu中默认的邮件传输客户端.它是Ubuntu的main软件库中的一个软件.这意味着它拥有安全更新.这份指南告诉你如何安装及配置postfix并将其设置成一个使用安全连接的SMTP服务器.
Installation(安装)
In order to install Postfix with SMTP-AUTH and TLS do the following steps:
安装带SMTP-AUTHT和TLS的Postfix使用如下的命令:
apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail
我安装的时候找不到libdb3-util ,是8.10 version
Configuration(配置)
Run:
运行:
dpkg-reconfigure postfix
Insert the following details when asked (replacing server1.example.com with your domain name if you have one):
当要求提供相关信息时输入如下的信息(如果你拥有一个域名的话,将server1.example.com替换成你自己的域名):
- Internet Site
- NONE
- server1.example.com
- server1.example.com, localhost.example.com, localhost
- No
- 127.0.0.0/8
- Yes
- 0
- +
- all
Then run the following commands:
运行下列命令:
postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' postconf -e 'myhostname = server1.example.com'
The file /etc/postfix/main.cf should now look like this: /etc/postfix/main.cf
这个文件应当是如下的内容:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h myhostname = server1.example.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = server1.example.com, localhost.example.com, localhost relayhost = mynetworks = 127.0.0.0/8 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom
Restart the postfix daemon like this:
重启postfix守护进程:
/etc/init.d/postfix restart
Authentication(验证)
Authentication will be done by saslauthd.
使用saslauthd来执行验证
We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have change a couple paths to live in the false root. (ie. /var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):
我们应当修改一些内容来令saslauthd正常工作.因为Postfix需要将根目录更改为/var/spool/postfix ,我们应当将那些使用不正确根目录的目录更改为正确的.(例如:将/var/run/saslauthd 修改为/var/spool/postfix/var/run/saslauthd):
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
以上没有说明 怎么更改,这里给出方法 ,做一些小的修改,以便于postfix可以通过saslauthd工作 修改方法如下:
mkdir -p /var/spool/postfix/var/run/saslauthd
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
First we edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the PWDIR, PARAMS, and PIDFILE lines:
首先,我们需要编辑/etc/default/saslauthd 以激活 saslauthd . 请将 START=yes 之前的 # 号去掉并添加 PWDIR, PARAMS 和 PIDFILE 行:
# This needs to be uncommented before saslauthd will be run automatically START=yes PWDIR="/var/spool/postfix/var/run/saslauthd" PARAMS="-m ${PWDIR}" PIDFILE="${PWDIR}/saslauthd.pid" # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam"
Note: If you prefer, you can use "shadow" instead of "pam". This will use MD5 hashed password transfer and is perfectly secure. The username and password needed to authenticate will be those of the users on the system you are using on the server.
注 : 如果你喜欢的话,你可以使用"shadow"来替换"pam" .这将使用MD5生成的哈希值来传输以得到更高的安全性. 需要验证的用户名及密码将是那些你服务器上的系统上的.
Next, we update the dpkg "state" of /var/spool/portfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership:
下一步: 我们更新 dpkg 中 /var/spool/portfix/var/run/saslauthd 的状态. saslauthd 的启动脚本需要一个特定的用户权限来建立一个新的目录.
dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
Finally, start saslauthd:
最后,启动saslauthd:
/etc/init.d/saslauthd start
Testing(测试)
To see if SMTP-AUTH and TLS work properly now run the following command:
要查看SMTP-AUTH 及TLS能否正常工作请使用如下命令:
telnet localhost 25
After you have established the connection to your postfix mail server type
在您建立了与您的postfix邮件服务器类型的连接之后
ehlo localhost
If you see the lines
如果你看到如下行
250-STARTTLS 250-AUTH
among others, everything is working.
在其它内容之上,表明一切正常.
Type quit
to return to the system's shell.
输入 quit 以返回系统.
Other Postfix Guides(其它 Postfix 指南)
These guides will teach your howto setup Postfix mail servers from basic to advanced.
这些指南将从基本层面到高级层面告诉你如何配置Postfix邮件服务器.
Postfix Basic Setup(Postfix 基本设置指南)
Postfix Basic Setup Howto will teach you the concepts of Posfix and how you can get Postfix basics setup up and running. If you are new to Postfix it is recomended to follow this guide first.
Postfix 基本设置指南将告诉你Postfix的概念以及你如何进行Postfix的基本设置并使其工作.如果你是Postfix的新手,建议你首先使用这份指南.
Postfix Virtual Mailbox and Antivirus Filtering (Postfix 虚拟邮箱和病毒过滤)
Postfix Virtual MailBox ClamSmtp Howto will teach you howto setup a Virtual mailboxes using non-linux accounts where each user will authenticate using their e-mail address with Dovecot POP3/IMAP server and ClamSMTP Antivirus to filter both incoming and out going mails for known viruses.
Postfix 虚拟邮箱和病毒过滤指南将告诉你如何设置通过非linux帐户来验证的虚拟邮箱,它使用e-mail地址及Dovecot POP3/IMAP 服务器执行验证.以及如何使用 ClamSMTP 反病毒软件来过滤接收及发送邮件中的已知病毒.
Postfix Complete Solution(Postfix 完全解决方案)
Postfix Complete Virtual Mail System Howto will help you if you are managing a large number of virtual domains at an ISP level service provider or in a large corporation where you mange few hundred or thousand mail domains. This guide is appropriate if you are looking a complete solution with:
Postfix 完整虚拟邮件系统指南将帮助你管理ISP级别的成千上万的虚拟域名,或在一个大型组织中帮助你管理成百上千的邮件域名.当你寻找一份与下述内容有关的完全解决方案时建议你阅读这份指南:
- Web based system administration 基于网页的系统管理
- Unlimited number of domains 无限制数量的域名
- Virtual mail users without the need for shell accounts 不需要shell帐号的虚拟邮件用户
- Domain specific user names 特定域名的用户名
- Mailbox quotas 邮箱引用
- Web access to email accounts 通过网页来使用邮箱
- Web base interface to change user passwords 通过网页形式来更改用户密码
- IMAP and POP3 support IMAP及POP3支持
- Auto responders 自动回复
- SMTP Authentication for secure relaying 通过SMTP验证以实现安全传递
- SSL for transport layer security 通过SSL以实现传输层安全传输
- Strong SPAM filtering 强垃圾邮件过滤
- Anti-Virus filtering 反病毒过滤
- Log Analysis 日志审计