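The environment is again Ubuntu 16.04.
Because these three components are related to one another, I am posting the final configuration directly.
As a prerequisite, I have already set up a DNS server on the same Linux machine (see my other post).
My domain name: example.com.tw
My system also has a user named marry, password: 1234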
#adduser marry
The first three sections set up the environment; the later sections explain some ways to use it.
1. Postfix:
- Purpose: acts as the MTA and sends mail over the SMTP protocol.
- Installation:
sudo apt-get update
sudo DEBIAN_PRIORITY=low apt-get install postfix
sudo apt-get install mailutils
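If you accidentally skipped the menu, you can run the configuration again with the following command:
sudo dpkg-reconfigure -plow postfix (installs via the menu; remember to choose Internet Site)
- Configuration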
vim /etc/postfix/main.cf
myorigin = $myhostname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=no
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = josh.example.com.tw
mydomain = example.com.tw
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, josh-TravelMate-8372, localhost.localdomain, , localhost, example.com.tw
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_recipient_restrictions = permit_mynetworks,reject_non_fqdn_recipient,check_client_access hash:/etc/postfix/pop-before-smtp,reject_unauth_destination
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = ' '
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
#smtpd_sasl_path = smtpd
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
- Service:
/etc/init.d/postfix check
/etc/init.d/postfix reload
/etc/init.d/postfix restart | start | stop
- Verification
netstat -tl | grep smtp
root@josh-TravelMate-8372:/home/josh# netstat -tl | grep smtp
tcp 0 0 *:smtp *:* LISTEN
tcp6 0 0 [::]:smtp [::]:* LISTEN
2. Dovecot:
- Purpose: provides mail retrieval (POP3 on port 110) / IMAP
- Installation
sudo apt-get install dovecot-imapd dovecot-pop3d
- Configuration
vim /etc/dovecot/dovecot.conf
protocols = pop3
vim /etc/dovecot/conf.d/10-master.conf
service pop3-login {
inet_listener pop3 {
port = 110
#port = 0
}
inet_listener pop3s {
port = 995
#ssl = yes
}
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
# Auth process is run as this user.
#user = $default_internal_user
user = dovecot
}
vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = no
auth_mechanisms = plain login
- Service
/etc/init.d/dovecot restart | start | stop
- Verification
root@josh-TravelMate-8372:/home/josh# netstat -ltup | grep dovecot
tcp 0 0 *:sieve *:* LISTEN 1027/dovecot
tcp 0 0 *:pop3 *:* LISTEN 1027/dovecot
tcp 0 0 *:imap2 *:* LISTEN 1027/dovecot
tcp6 0 0 [::]:sieve [::]:* LISTEN 1027/dovecot
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1027/dovecot
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1027/dovecot
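A check for the authentication settings shown in sections 1 and 2, as an added example (not part of the original post, Postfix or Dovecot): it flags the `mode = 0666` auth socket, `disable_plaintext_auth = no`, and SASL enabled without `smtpd_tls_auth_only = yes`. The sample strings are constructed from the configuration above, and `parse` and `audit` are hypothetical helper names.

```python
# Constructed sample input: the auth-related lines of the configs shown above.
DOVECOT = """\
disable_plaintext_auth = no
auth_mechanisms = plain login
service auth {
  unix_listener auth-userdb {
    #mode = 0666
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  user = dovecot
}
"""
MAIN_CF = """\
#smtpd_use_tls=no
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
"""

def parse(text):
    """Flatten 'key = value' lines; nested Dovecot blocks become path prefixes."""
    settings, stack = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())          # entering a block
        elif line == "}":
            stack.pop()                              # leaving a block
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def audit(dovecot_text, main_cf_text):
    """Return findings for the weak settings used on this page (hypothetical helper)."""
    dovecot, postfix, findings = parse(dovecot_text), parse(main_cf_text), []
    for path, value in dovecot.items():
        # user/group are already postfix, so 0660 is enough; flag any "other" bits.
        if "unix_listener" in path and path.endswith("/mode") and int(value, 8) & 0o007:
            findings.append(f"socket-open-to-other: {path} = {value}")
    if dovecot.get("disable_plaintext_auth") == "no":   # PLAIN/LOGIN without SSL/TLS
        findings.append("dovecot-plaintext-login-without-tls")
    if (postfix.get("smtpd_sasl_auth_enable") == "yes"
            and postfix.get("smtpd_tls_auth_only") != "yes"):   # AUTH on cleartext SMTP
        findings.append("smtp-auth-offered-without-tls")
    return findings
```

With the socket at `mode = 0660`, `disable_plaintext_auth = yes` and `smtpd_tls_auth_only = yes` (which also requires enabling the TLS parameters that are commented out in main.cf), `audit` returns an empty list.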
3. pop-before-smtp:
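- Purpose: judging from the documentation, it is meant to keep the mail server from being abused to send spam. The key idea is this: sending mail over SMTP used to require authentication, and retrieving mail over POP also requires authentication, so this tool was developed. Before sending mail you must first retrieve mail over POP; SMTP then uses this temporary authentication record to send, so you do not need to authenticate again. (It is called temporary because the record has an expire time, and the client is identified by its IP.)
- Installation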
apt-get install libtimedate-perl libnet-netmask-perl libberkeleydb-perl
You have to download this part yourself:
download package from https://sourceforge.net/projects/popbsmtp/
This downloads pop-before-smtp-1.42.tar.gz
After extracting the tarball,
in the pop-before-smtp directory:
cp pop-before-smtp.init /etc/init.d/pop-before-smtp
cp pop-before-smtp /usr/sbin/
cp pop-before-smtp-conf.pl /etc
- Fix for an error at startup
Starting pop-before-smtp: Insecure dependency in open while running with -T switch at /usr/sbin/pop-before-smtp line 304. failed
Solution:
sudo apt-get install gdebi-core
cd Downloads/
wget -N -O "pop-before-smtp.deb" "http://www.dinofly.com/files/linux/pop-before-smtp.deb"
sudo gdebi --n "pop-before-smtp.deb"
- Configuration
vim /etc/pop-before-smtp-conf.pl
$dbfile = '/etc/postfix/pop-before-smtp';
$grace = 30*60;
$file_tail{'name'} = '/var/log/maillog';
$pat = '^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: ' .
'Login: .*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]';
- Service
/etc/init.d/pop-before-smtp start
- Verification
#pop-before-smtp --list
The database holds 1 IP:
172.16.166.160
Warning: unable to close filehandle properly: Bad file descriptor during global destruction.
config file: /etc/pop-before-smtp-conf.pl
watchlog: /var/log/mail.log
dbfile: /etc/postfix/pop-before-smtp
pat: "^[LOGTIME] \S+ (?:dovecot: )?(?:imap|pop3)-login: Login: .*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[],]"
logtime_pat: "(\w\w\w +\d+ \d+:\d+:\d+)"
#pop-before-smtp --debug --nowrite --reprocess
Sep 27 14:24:26 starting up
Sep 27 14:24:26 Using 1 value for pre-authorized networks: `127.0.0.0/8'
Sep 25 14:06:20 ignoring local-net ip=127.0.0.1
Sep 25 14:06:43 ignoring local-net ip=127.0.0.1
Sep 25 14:07:58 ignoring local-net ip=127.0.0.1
Sep 25 14:09:17 ignoring local-net ip=127.0.0.1
Sep 25 14:10:20 ignoring local-net ip=127.0.0.1
Sep 25 14:41:11 ignoring local-net ip=127.0.0.1
Sep 25 14:55:28 found ip=172.16.166.160 (0)
Sep 25 14:55:28 setting expiration time for ip=172.16.166.160 to 1506324328
Sep 25 14:55:28 added 172.16.166.160 to DB
- Related sites
Official site: http://popbsmtp.sourceforge.net/ (contains everything you need)
VBird's setup guide: http://linux.vbird.org/somepaper/20030514-pop-befoer-smtp.php
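The mechanism described in this section, as an added example (not code from pop-before-smtp or from the original post): successful Dovecot logins are matched with the page's `$pat`, and each client IP gets an expiry of login time plus `$grace`. The log lines are constructed, and the year 2017 and UTC+8 clock are assumptions that reproduce the expiration time 1506324328 from the debug output above; `build_db` and `may_relay` are hypothetical names.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

GRACE = 30 * 60                                       # $grace from the config above
LOCAL_NETS = [ipaddress.ip_network("127.0.0.0/8")]    # mynetworks from main.cf
# The page's $pat with [LOGTIME] replaced by its logtime_pat, in Python syntax.
PAT = re.compile(
    r"^(\w\w\w +\d+ \d+:\d+:\d+) \S+ (?:dovecot: )?(?:imap|pop3)-login: "
    r"Login: .*? (?:\[|rip=)[:f]*(\d+\.\d+\.\d+\.\d+)[\],]")

# Constructed sample log lines (host name, lip values and the failed login are made up).
LOG = """\
Sep 25 14:41:11 josh dovecot: pop3-login: Login: user=<marry>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Sep 25 14:50:02 josh dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<marry>, method=PLAIN, rip=203.0.113.9, lip=172.16.166.1
Sep 25 14:55:28 josh dovecot: pop3-login: Login: user=<marry>, method=PLAIN, rip=172.16.166.160, lip=172.16.166.1
"""

def build_db(log_text, year=2017, utc_offset_hours=8):
    """Map client IP -> expiry epoch, built from successful POP3/IMAP logins."""
    tz, db = timezone(timedelta(hours=utc_offset_hours)), {}
    for line in log_text.splitlines():
        m = PAT.match(line)
        if not m:
            continue                  # failed logins never contain "-login: Login:"
        ip = ipaddress.ip_address(m.group(2))
        if any(ip in net for net in LOCAL_NETS):
            continue                  # local nets are already allowed by permit_mynetworks
        # syslog timestamps carry no year or zone, so both are supplied (assumed).
        seen = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        db[str(ip)] = int(seen.replace(tzinfo=tz).timestamp()) + GRACE
    return db

def may_relay(db, client_ip, now):
    """Relay decision keyed only on the source IP, valid until the expiry time."""
    return db.get(client_ip, 0) >= now
```

Because the decision is keyed on the source address alone, every client that shares 172.16.166.160 (for example behind the same NAT) passes the check until the entry expires.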
4. Send mail via CURL
no password
#curl --url 'smtp://example.com.tw' -v --mail-from 'josh@example.com.tw' --mail-rcpt 'marry@example.com.tw' --upload-file mail.txt
~ # cat mail.txt
From: "josh tang" <tang741227@mail.example.com.tw>
To: "josh tang" <josh.tang@mail.example.com.tw>
Subject: It's test mail.
Hello World~~~
with password
#curl --url 'smtp://example.com.tw' -v --mail-from 'josh@example.com.tw' --mail-rcpt 'marry@example.com.tw' --upload-file mail.txt --user 'marry:1234'
5. Login POP3 via CURL
#curl pop3://marry:1234@example.com.tw
Read first mail
#curl pop3://marry:1234@example.com.tw/1
6. Login POP3 via Telnet
#telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user marry
+OK
pass 1234
+OK Logged in.
stat
+OK 2 850
list
+OK 2 messages:
1 425
2 425
.
retr 1
+OK 425 octets
Return-Path: <josh@example.com.tw>
X-Original-To: marry@example.com.tw
Delivered-To: marry@example.com.tw
Received: from mail.txt (unknown [172.16.166.197])
by josh.example.com.tw (Postfix) with ESMTP id 0314D6C26EE
for <marry@example.com.tw>; Wed, 27 Sep 2017 10:25:18 +0800 (CST)
From: "josh tang" <tang741227@mail.example.com.tw>
To: "josh tang" <josh.tang@deltaww.com>
Subject: [SPAM] It's
Test by josh.
.
quit
+OK Logging out.
Connection closed by foreign host.
This is to verify that the POP3 service I set up works; the server used here is Dovecot.
More commands: https://www.shellhacks.com/retrieve-email-pop3-server-command-line/
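7. How to enable pop-before-smtp in Outlook
Account Settings -> Repair -> Manual setup -> More Settings -> Outgoing Server
Select "Log on to incoming mail server before sending mail"
Reference: https://support.microsoft.com/ja-jp/help/881623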