groupadd -g 666 vmail
useradd -s /sbin/nologin -u 666 vmail -g 666
#############dovecot+mysql##################
1
yum install dovecot-mysql.x86_64 -y
#dovecot-mysql dovecot软件的插件,让此软件可以识别mysql
2
vim /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp #支持收件协议
48 login_trusted_networks = 0.0.0.0/0 #信任网络
49 disable_plaintext_auth = no #开启明文认证
vim /etc/dovecot/conf.d/10-auth.conf
123 !include auth-sql.conf.ext #开启mysql的认证方式
#生成dovecot读取mysql的配置
cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
vim /etc/dovecot/dovecot-sql.conf.ext
32 driver = mysql #数据库类型
71 connect = host=localhost dbname=email user=postuser password=postuser #查询时用到的信息
78 default_pass_scheme = PLAIN #默认认证方式为明文
107 password_query = \ #查询密码匹配
108 SELECT username, domain, password \ ##查询用户,域名,密码
109 FROM emailuser WHERE username = '%u' AND domain = '%d' ##从emailuser表中查询
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM emailuser WHERE use rname = '%u'
##查询邮件内部内容
vim /etc/dovecot/conf.d/10-mail.conf
30 mail_location = maildir:/home/vmail/%d/%n #指定邮件位置
168 first_valid_uid = 666 #邮件文件查询用户身份
175 first_valid_gid = 666
systemctl restart dovecot
systemctl status httpd.service
systemctl status mariadb.service
systemctl status firewalld
测试
yum install telnet -y
[root@westos-mail ~]# telnet 172.25.254.117 110
Trying 172.25.254.117...
Connected to 172.25.254.117.
Escape character is '^]'.
+OK [XCLIENT] Dovecot ready.
user jia@jia.com #建立表中的用户名
+OK
pass jia #建立表中的密码(可在网页上查看)
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
################空壳邮件##################
reset 217
配置eth0 yum
hostnamectl set-hostname nullmail.example.com
1
vim /etc/postfix/main.cf
75 myhostname = nullmail.example.com
83 mydomain = example.com
99 myorigin = westos.com # 设置为真实的主机域名
113 inet_interfaces = all
164 mydestination = ##空壳邮件不接受邮件,所以不设置
316 relayhost = 172.25.254.117 ##接替的真实主机的IP
systemctl restart postfix.service
测试
217
[root@nullmail ~]# mail root
Subject: 345
2
.
EOT
[root@nullmail ~]# mailq
Mail queue is empty
117
[root@westos-mail ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 2 unread
>U 1 Mail Delivery System Wed May 31 04:15 73/2309 "Undelivered Mail Retu"
2 root Wed May 31 10:07 22/752 "fdsf"
U 3 root Wed May 31 10:09 22/750 "345"
& 3
Message 3:
From root@westos.com Wed May 31 10:09:02 2017
Return-Path: <root@westos.com>
X-Original-To: root@westos.com
Delivered-To: root@westos.com
Date: Wed, 31 May 2017 10:09:03 -0400
To: root@westos.com
Subject: 345
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: root@westos.com (root)
Status: RO
##################iptables###################
iptables是一个工作于用户空间的防火墙应用软件
三表五链
filter表 mangle表 nat表
INPUT链 OUTPUT链 FORWARD链 PREROUTING链 POSTROUTING链
reset 117,217
systemctl stop firewalld
systemctl disable firewalld
117 双网卡
217
IPADDR=172.25.0.217
PREFIX=24
GATEWAY=172.25.0.117
iptables
-t ##指定表名称
-n ##不做解析
-L ##列出指定表中的策略
-A ##增加策略
-p ##网络协议
--dport ##端口
-s ##数据来源
-j ##动作
ACCEPT ##允许
REJECT ##拒绝
DROP##丢弃
-N ##增加链
-E ##修改链名称
-X ##删除链
-D ##删除指定策略
-I ##插入
-R ##修改策略
-P ##修改默认策略
iptables -t filter -nL #查看filter表中的策略
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
iptables -F #刷掉filter表中的所有策略,当没有用-t指定表名称时默认是filter
service iptables save #保存当前策略
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
iptables -A INPUT -i lo -j ACCEPT #允许lo
iptables -A INPUT -p tcp --dport 22 -j ACCEPT #允许访问22 端口
iptables -A INPUT -s 172.25.254.250 -j ACCEPT #允许250主机访问
iptables -A INPUT -j REJECT #拒绝所有主机的数据来源
iptables -N redhat #增加链redhat
iptables -E redhat westos #改变链名称
iptables -X westos #删除westos链
iptables -D INPUT 2 #删除INPUT链中的第二条策略
iptables: Index of deletion too big.
iptables -I INPUT -p tcp --dport 80 -j REJECT #插入策略到INPUT中的第一条
iptables -R INPUT 1 -p tcp --dport 80 -j ACCEPT #修改第一条策略
iptables -P INPUT DROP #把INPUT表中的默认策略改为drop
iptables -P INPUT ACCEPT #把INPUT表中的默认策略改为accept
提高访问速度,缓解访问压力方法
iptables -A INPUT -i lo -m state --state NEW -j ACCEPT ##允许回环接口访问
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT ##允许状态是NEW访问22端口
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT ##允许访状态是NEW问80端口
[iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT ##允许访状态是NEW问443端口
iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT ##允许访状态是NEW问53端口
iptables -A INPUT -j REJECT ##拒绝所有主机数据来源
sysctl -a | grep forward ##查看forward状态
net.ipv4.ip_forward = 0
vim /etc/sysctl.conf ##开启内核路由
net.ipv4.ip_forward = 1
sysctl -p ##使生效
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-dest 172.25.0.117 ####进入路由设置
iptables -t nat -A PREROUTING -o eth0 -j SNAT --to-source 172.25.254.117 ####出路由设置
##eth0为0网段的网卡