黑名单
1.禁止IP登陆
vim /etc/postfix/access
172.25.254.124 REJECT
postmap access
postconf -d | grep client
postconf -e "smtpd_client_restrictions = check_client_access hash:/etc/postfix/access"
systemctl restart postfix.service
测试:
[root@mail postfix]# telnet 172.25.254.224 25
Trying 172.25.254.224...
Connected to 172.25.254.224.
Escape character is '^]'.
220 mail.timo.com ESMTP Postfix
mail from:root@timo.com
250 2.1.0 Ok
rcpt to:root@rito.com
554 5.7.1 <unknown[172.25.254.124]>: Client host rejected: Access denied
quit
221 2.0.0 Bye
Connection closed by foreign host.
You have mail in /var/spool/mail/root
2.禁止某域的用户登陆
vim sender(名字任意)
taxing@timo.com REJECT
postconf -d | grep sender
postconf -e "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender"
postmap sender
systemctl restart postfix.service
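测试(注意:下面返回的 451 4.3.5 Server configuration error 是临时错误,说明 Postfix 查询访问表失败,并非 REJECT 规则生效;规则生效时应返回 554 5.7.1 ... Sender address rejected: Access denied):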
[root@mail postfix]# telnet 172.25.254.224 25
Trying 172.25.254.224...
Connected to 172.25.254.224.
Escape character is '^]'.
220 mail.timo.com ESMTP Postfix
mail from:taxing@timo.com
250 2.1.0 Ok
rcpt to:root@rito.com
451 4.3.5 <taxing@timo.com>: Sender address rejected: Server configuration error
421 4.4.2 mail.timo.com Error: timeout exceeded
Connection closed by foreign host.
3.禁止接收
vim recip(名字任意;每行格式为“地址 动作”,例如 REJECT)
taxing@timo.com REJECT
postmap recip
postconf -d | grep recip
postconf -e "smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recip"
systemctl restart postfix.service
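测试(注意:下面的 451 是“Sender address rejected: Server configuration error”,来自发件人限制的查询表错误,并非收件人规则生效;收件人规则生效时应返回 554 5.7.1 ... Recipient address rejected: Access denied):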
[root@mail postfix]# telnet 172.25.254.224 25
Trying 172.25.254.224...
Connected to 172.25.254.224.
Escape character is '^]'.
220 mail.timo.com ESMTP Postfix
mail from:root@timo.com
250 2.1.0 Ok
rcpt to:taxing@timo.com
451 4.3.5 <root@timo.com>: Sender address rejected: Server configuration error
4.数据库连接邮箱
vim /etc/hosts
172.25.254.124 mail.rito.com
网页创建数据库email,表muser
+----------------+----------+----------+-----------------------------+
| username | password | domain | maildir |
+----------------+----------+----------+-----------------------------+
| admin@rito.org | rito | rito.org | /home/vmail/rito.org/admin/ |
+----------------+----------+----------+-----------------------------+
创建用户
MariaDB [(none)]> CREATE USER postfix@localhost identified by 'postfix';
Query OK, 0 rows affected (0.00 sec)
用户授权(Postfix 和 Dovecot 只对该库做查询,按最小权限原则只授予 SELECT 即可)
MariaDB [(none)]> GRANT INSERT,UPDATE,SELECT ON email.* to postfix@localhost;
Query OK, 0 rows affected (0.00 sec)
查询
[root@mail thunderbird]# cd /etc/postfix/
[root@mail postfix]# ls
access generic main.cf relocated virtual
canonical header_checks master.cf transport
[root@mail postfix]# vim mysql-users.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = username
where_field = username
[root@mail postfix]# vim mysql-domain.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = domain
where_field = domain
[root@mail postfix]# vim mysql-maildir.cf
hosts = localhost
user = postfix
password = postfix
dbname = email
table = muser
select_field = maildir
where_field = username
检测
postconf -d | grep virtual
[root@mail postfix]# postconf -e "virtual_gid_maps = static:666"
[root@mail postfix]# postconf -e "virtual_uid_maps = static:666"
[root@mail postfix]# postconf -e "virtual_mailbox_base = /home/vmail"
[root@mail postfix]# postconf -e "virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf"
[root@mail postfix]# postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf"
[root@mail postfix]# postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf"
vim main.cf
virtual_gid_maps = static:666
virtual_uid_maps = static:666
virtual_mailbox_maps = mysql:/etc/postfix/mysql-maildir.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-users.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domain.cf
virtual_mailbox_base = /home/vmail
[root@mail vmail]# mail admin@rito.org
Subject: 123
123
123
.
EOT
[root@mail home]# cd vmail/
[root@mail vmail]# ls
rito.org
[root@mail vmail]# cd rito.org/
[root@mail rito.org]# ls
admin
[root@mail rito.org]# cd admin/
[root@mail admin]# ls
cur new tmp
[root@mail admin]# cd new/
[root@mail new]# ls
1481030344.Vfd01I24635aM472016.mail.rito.com
[root@mail new]# cat 1481030344.Vfd01I24635aM472016.mail.rito.com
Return-Path: <root@rito.com>
X-Original-To: admin@rito.org
Delivered-To: admin@rito.org
Received: by mail.rito.com (Postfix, from userid 0)
id B91D1246333; Tue, 6 Dec 2016 08:13:58 -0500 (EST)
Date: Tue, 06 Dec 2016 08:13:58 -0500
To: admin@rito.org
Subject: 123
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20161206131358.B91D1246333@mail.rito.com>
From: root@rito.com (root)
123
123
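5.虚拟用户接收邮件(注意:下文的 default_pass_scheme = PLAIN 和 disable_plaintext_auth = no 意味着密码以明文存储和传输,仅适合实验环境;生产环境应存储加盐哈希并通过 TLS 认证)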
yum install mysql
vim /etc/dovecot/dovecot-sql.conf.ext
32 driver=mysql
71 connect = host=localhost dbname=email user=postfix password=postfix
78 default_pass_scheme = PLAIN
107 password_query = \
108 SELECT username, domain, password \
109 FROM muser WHERE username = '%n' AND domain = '%d'
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM users WHERE username = '%u'
vim /etc/dovecot/dovecot.conf
49 login_trusted_networks = 0.0.0.0/24
disable_plaintext_auth = no
protocols = imap pop3 lmtp
cd /etc/dovecot/conf.d
vim 10-mail.conf
30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
vim 10-auth.conf
122 !include auth-system.conf.ext
123 !include auth-sql.conf.ext
安装雷鸟
./thunderbird-bin
6.空壳邮箱
vim /etc/named.rfc1912.zones
zone "rito.org" IN {
38 type master;
39 file "rito.org.zone";
40 allow-update { none; };
41 };
vim rito.org.zone
1 $TTL 1D
2 @ IN SOA dns.rito.org. root.rito.org. (
3 0 ; serial
4 1D ; refresh
5 1H ; retry
6 1W ; expire
7 3H ) ; minimum
8 NS dns.rito.org.
9 dns A 172.25.254.124
10 rito.org. MX 1 172.25.254.124.
~
[root@mail conf.d]# dig -t mx rito.org
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> -t mx rito.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12579
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rito.org.              IN      MX
;; ANSWER SECTION:
rito.org.       86400   IN      MX      1 172.25.254.124.
;; AUTHORITY SECTION:
rito.org.       86400   IN      NS      dns.rito.org.
;; ADDITIONAL SECTION:
dns.rito.org.   86400   IN      A       172.25.254.124
;; Query time: 0 msec
;; SERVER: 172.25.254.124#53(172.25.254.124)
;; WHEN: Wed Dec 07 09:01:58 EST 2016
;; MSG SIZE rcvd: 101
在空壳主机上224
vim /etc/postfix/main.cf
myhostname=mail.timo.com
mydomain=timo.com
myorigin=$mydomain
inet_interfaces = all
local_transport = error:local delivery disabled
# 注意:main.cf 不支持行尾注释,注释必须单独成行,否则会被当作参数值的一部分
# 空壳不接受任何类型邮件
mydestination =
# 被替代的服务器
relayhost = 172.25.254.124
systemctl restart postfix.service
在需要被空壳替代的主机上124
vim /etc/postfix/main.cf
# 空壳ip(main.cf 不支持行尾注释,注释须单独成行)
mynetworks = 172.25.254.224
本文转自 Taxing祥 51CTO博客,原文链接:http://blog.51cto.com/12118369/1880624