CentOS7部署DNS和E-mail服务

时间:2017-10-16 12:13:49   收藏:0   阅读:8515

配置DNS服务


安装bind包

yum install bind bind-utils

编辑主配置文件,更改如下参数。注意 listen-on 和 allow-query 都设为 any 时,如果保留默认的 recursion yes,这台服务器会对任意来源开放递归查询(开放解析器);生产环境应把 allow-query 或 allow-recursion 限制为本地网段。

vi /etc/named.conf

listen-on port 53 { any; };

allow-query     { any; };

include "/etc/named.rfc1912.zones";


定义zone,正向和反向解析配置

vi /etc/named.rfc1912.zones

zone "localyum.com" IN {

    type master;

    file "localyum.com.zone";

    allow-update { none; };

};


zone "71.80.168.192.in-addr.arpa" IN {

    type master;

    file "192.168.80.71.zone";

    allow-update { none; };

};


定义正向解析文件

cd /var/named/

cp named.localhost localyum.com.zone

vi localyum.com.zone

$TTL 1D
$ORIGIN localyum.com.
@   IN  SOA  ns.localyum.com. admin.localyum.com. (
                            2017101401      ; serial
                            1H      ; refresh
                            10M     ; retry
                            1W      ; expire
                            3H )    ; minimum
        NS      ns
        MX  10  mail
ns      A   192.168.80.71
mail    A   192.168.80.71
www     A   192.168.80.71

定义反向解析文件

chown .named localyum.com.zone 

named-checkconf  #检查配置文件

named-checkzone localyum.com /var/named/localyum.com.zone   #检查域名配置

cp named.loopback 192.168.80.71.zone

vi 192.168.80.71.zone 

$TTL 1D
@   IN  SOA  ns.localyum.com. admin.localyum.com. (
                            001       ; serial
                            1D      ; refresh
                            1H      ; retry
                            1W      ; expire
                            3H )    ; minimum
        NS      @
        A       192.168.80.71
        PTR     www.localyum.com.
        PTR     mail.localyum.com.

重载配置或重启dns服务,注意看日志是否报错

chown .named 192.168.80.71.zone

named-checkconf

rndc reload 或者 systemctl restart named

ss -tnl


先测试外网dns解析

more /etc/resolv.conf 

ip route

host www.baidu.com

dig -t NS www.qq.com

dig -t NS .  #是否能够解析互联网根dns服务器


添加本地dns地址

cd /etc/sysconfig/network-scripts/

vi ifcfg-eth1

DNS1=192.168.80.71

DNS2=192.168.80.2


systemctl restart network

more /etc/resolv.conf  #显示如下

nameserver 192.168.80.71

nameserver 192.168.80.2


测试本地dns解析

ip route

host -t A www.localyum.com

dig -t A www.localyum.com @192.168.80.71

dig -t NS . @192.168.80.71

dig -t MX mail.localyum.com @192.168.80.71

dig -x 192.168.80.71 @192.168.80.71


MX记录还是有问题!(很可能是查询对象不对:正向区域文件里的 MX 记录定义在区域顶点 localyum.com 上,而不是 mail.localyum.com,所以应查询 dig -t MX localyum.com @192.168.80.71。)



解析结果:

[root@c1 named]# host -t A www.localyum.com

www.localyum.com has address 192.168.80.76

###正向解析

[root@c1 named]# dig -t A www.localyum.com @192.168.80.71

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -t A www.localyum.com @192.168.80.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60945
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.localyum.com.              IN      A
;; ANSWER SECTION:
www.localyum.com.       86400   IN      A       192.168.80.76
;; AUTHORITY SECTION:
localyum.com.           86400   IN      NS      ns.localyum.com.
;; ADDITIONAL SECTION:
ns.localyum.com.        86400   IN      A       192.168.80.71
;; Query time: 0 msec
;; SERVER: 192.168.80.71#53(192.168.80.71)
;; WHEN: Sun Oct 15 20:45:59 CST 2017
;; MSG SIZE  rcvd: 94

###反向解析

[root@c1 named]# dig -x 192.168.80.71 @192.168.80.71

; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> -x 192.168.80.71 @192.168.80.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46195
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;71.80.168.192.in-addr.arpa.    IN      PTR
;; ANSWER SECTION:
71.80.168.192.in-addr.arpa. 86400 IN    PTR     mail.localyum.com.
71.80.168.192.in-addr.arpa. 86400 IN    PTR     www.localyum.com.
;; AUTHORITY SECTION:
71.80.168.192.in-addr.arpa. 86400 IN    NS      71.80.168.192.in-addr.arpa.
;; ADDITIONAL SECTION:
71.80.168.192.in-addr.arpa. 86400 IN    A       192.168.80.71
;; Query time: 1 msec
;; SERVER: 192.168.80.71#53(192.168.80.71)
;; WHEN: Sun Oct 15 20:45:24 CST 2017
;; MSG SIZE  rcvd: 134

##########################


配置E-mail服务


安装软件包

yum install postfix dovecot cyrus-sasl-*


配置postfix

vi /etc/postfix/main.cf   #参考如下修改,有些参数是默认的不用改,最后的smtpd_sasl配置需手动添加。注意 mynetworks = 0.0.0.0/0 会把所有客户端都视为可信网络,生产环境应改为实际的内网网段(如 127.0.0.0/8 和本地网段),否则很容易被当作开放中继利用

grep "^[^#]"  /etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail.localyum.com
mydomain = localyum.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain
local_recipient_maps =
unknown_local_recipient_reject_code = 550
mynetworks = 0.0.0.0/0
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,reject_unauth_destination,permit_mynetworks
smtpd_client_restrictions = permit_sasl_authenticated


配置dovecot(下面的 disable_plaintext_auth = no 和 ssl = no 意味着账号密码以明文传输,仅适合内网实验环境;对外提供服务时应启用 ssl 并保留 disable_plaintext_auth = yes)

vi /etc/dovecot/dovecot.conf 

protocols = imap pop3 lmtp

listen = *, ::


vi /etc/dovecot/conf.d/10-auth.conf 

disable_plaintext_auth = no

auth_mechanisms = plain

!include auth-system.conf.ext


vi /etc/dovecot/conf.d/10-mail.conf 

mail_location = maildir:~/Maildir

namespace inbox {

first_valid_uid = 1000

mbox_write_locks = fcntl


vi /etc/dovecot/conf.d/10-ssl.conf

ssl = no

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

ssl_key = </etc/pki/dovecot/private/dovecot.pem


配置saslauthd认证

vi /etc/sysconfig/saslauthd

SOCKETDIR=/run/saslauthd

MECH=shadow

FLAGS=


vi /usr/lib64/sasl2/smtpd.conf  #没有的话就创建该文件

pwcheck_method: saslauthd

mech_list: PLAIN LOGIN

log_level: 3


启动服务

systemctl restart postfix dovecot saslauthd

systemctl status postfix dovecot saslauthd

ss -tnl


新建用户并测试收发邮件

more /etc/passwd

useradd usera

echo redhat | passwd --stdin usera

useradd userb

echo redhat | passwd --stdin userb

ll /home/usera/Maildir/

systemctl enable named postfix dovecot saslauthd


之后就可以通过Foxmail等邮件客户端登录互相收发邮件了,注意需要配置辅助dns为192.168.80.71,这样才能解析本地域名mail.localyum.com



主机端口监听情况如下:

[root@c1 ~]# ss -tnl

State      Recv-Q Send-Q   Local Address:Port    Peer Address:Port              
LISTEN     0      100                  *:110        *:*  
LISTEN     0      100                  *:143        *:*  
LISTEN     0      10       192.168.80.71:53         *:*  
LISTEN     0      10       192.168.10.71:53         *:*  
LISTEN     0      10           127.0.0.1:53         *:*  
LISTEN     0      128                  *:22         *:*  
LISTEN     0      100                  *:25         *:*  
LISTEN     0      128          127.0.0.1:953        *:*  
LISTEN     0      100                 :::110       :::*  
LISTEN     0      100                 :::143       :::*  
LISTEN     0      10                 ::1:53        :::*  
LISTEN     0      128                 :::22        :::*  
LISTEN     0      100                 :::25        :::*  
LISTEN     0      128                ::1:953       :::*

[root@c1 ~]# netstat -tnlp

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address       Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:110         0.0.0.0:*         LISTEN      1042/dovecot 
tcp        0      0 0.0.0.0:143         0.0.0.0:*         LISTEN      1042/dovecot 
tcp        0      0 192.168.80.71:53    0.0.0.0:*         LISTEN      2233/named   
tcp        0      0 192.168.10.71:53    0.0.0.0:*         LISTEN      2233/named   
tcp        0      0 127.0.0.1:53        0.0.0.0:*         LISTEN      2233/named   
tcp        0      0 0.0.0.0:22          0.0.0.0:*         LISTEN      1023/sshd    
tcp        0      0 127.0.0.1:953       0.0.0.0:*         LISTEN      2233/named   
tcp        0      0 0.0.0.0:25          0.0.0.0:*         LISTEN      1169/master  
tcp6       0      0 :::110              :::*              LISTEN      1042/dovecot 
tcp6       0      0 :::143              :::*              LISTEN      1042/dovecot 
tcp6       0      0 ::1:53              :::*              LISTEN      2233/named   
tcp6       0      0 :::22               :::*              LISTEN      1023/sshd    
tcp6       0      0 ::1:953             :::*              LISTEN      2233/named   
tcp6       0      0 :::25               :::*              LISTEN      1169/master

本文出自 “rackie” 博客,请务必保留此出处http://rackie386.blog.51cto.com/11279229/1972618
