环境:centos 5.5 + postfix 2.3.3
[root@li165-150 ~]# postconf mail_version mail_version = 2.3.3
上次,http://blog.wxianfeng.com/2010/08/20/linode-mysql-got-error-28-from-storage-engine,刚刚解决了blog不能访问的问题 , 由于磁盘占满的原因 ,一天时间没到我的磁盘又被占满了,还是maillog在一直增长的原因,经过查找原因,原来我的mail server变成了肉鸡,被人拿来发送大量的垃圾邮件了,刚开始配的时候不太懂,没注意 open relay的情况 , http://blog.wxianfeng.com/2010/08/01/centos-install-mail-server,所以,必须关系open replay功能~!
1,什么是open – relay ?
顾名思义,relay的转发的意思 , Open-Relay(开放转发或匿名转发)是指由于邮件服务器不理会邮件发送者或邮件接受者的是否为系统所设定的用户,而对所有的入站邮件一律进行转发(RELAY)的功能。通常,若邮件服务器的此功能开放,则我们一般称此邮件服务器是Open-Relay的
2,怎么测我的mail server 是不是 open relay 的 ?
[root@li165-150 ~]# telnet mail.blog.wxianfeng.com 25 Trying 173.230.155.150... Connected to mail.blog.wxianfeng.com. Escape character is '^]'. 220 mail.blog.wxianfeng.com ESMTP Postfix mail from:ss@163.com 250 2.1.0 Ok rcpt to:wang.fl_1429@gmail.com 554 5.7.1 <wang.fl_1429@gmail.com>: Relay access denied
上面出现了 Relay access denied , 则说明你的mail server 不是 open replay的 ,如果可以成功发送email , 则说明 你的mail server 是 open replay的 ,另外 , 还可以通过以下网址测试:
http://verify.abuse.net/relay.html
直接输入 mail.blog.wxianfeng.com 测试
3,open-relay 后 , 被人盗寄的症状
>mailq 查看邮件队列,会发现里面有大量的邮件等待发送
>tail -f /var/log/maillog
出现了大量的像下面这样的log:
2010-08-21T05:52:31.424284-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<xlgaga@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.04/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.425279-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<xocy@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.04/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.426311-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<xup6ru4vm0@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.04/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.427198-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<y2003625@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.428079-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yck1012.tw@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.429149-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yfjtommu@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.430203-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yfk134@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html) 2010-08-21T05:52:31.431290-04:00 li165-150 postfix/qmgr[8366]: 0C50427536: to=<yi05@yahoo.com.tw>, relay=none, delay=141354, delays=141354/0.05/0/0, dsn=4.7.1, status=deferred (delivery temporarily suspended: host mx2.mail.tw.yahoo.com[203.188.197.10] refused to talk to me: 421 4.7.1 [TS03] All messages from 173.230.155.150 will be permanently deferred; Retrying will NOT succeed. See http://postmaster.yahoo.com/errors/421-ts03.html)
从log中可以看出 , 你的mail server 正在发往yahoo的email,但是全部被拒绝了 ,
4,为什么 会被人盗寄?
网络上 会有很多人用 port scan工具扫描端口 , 当你的25端口, 被人测出是open relay的,这些人就会 充分利用你的mail server 来发垃圾邮件 ,发垃圾邮件的后果 ,可能会导致你的 ip被封 , 被世界垃圾邮件组织 把你ip 拉入黑名单 , 这时你的mail server 也就是废物了。
5,如果关闭 盗寄 的邮件?
我的mail server 有大量的 发送队列, 怎么清除 ,用下面命令
[root@li165-150 mail]# postsuper -d ALL postsuper: Deleted: 61178 messages
发现我清楚了 61178 封垃圾邮件队列 , 这样你的log 应该会停止了, 不会再狂刷了。。。
6,如何关闭open-relay ?
配置 postfix的 mynetworks
mynetworks = 127.0.0.1/32 # ip/netmask
我的整个 postfix main.cf 配置 :
[root@li165-150 ~]# postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases broken_sasl_auth_clients = yes command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix debug_peer_level = 2 home_mailbox = Maildir/ html_directory = no inet_interfaces = $myhostname, localhost , 173.230.155.150 # 设置postfix服务监听的网络接口 通常是将所有的网络接口都开放,以便接收任何网络接口的邮件 mail_owner = postfix mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man mydestination = $myhostname,$mydomain,localhost.$mydomain , localhost , $mydomain,mail.$mydomain,www.$mydomain # 设置可接收邮件的主机名称或域名 mydomain = blog.wxianfeng.com # 邮件域名 myhostname = mail.blog.wxianfeng.com # 邮件主机名 mynetworks = 127.0.0.1/32 # 设置可转发(Relay)哪些网络的邮件 myorigin = $mydomain # 由本机寄出的域名 newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES relay_domains = $mydestination # 设置可转发哪些网域的邮件 sample_directory = /usr/share/doc/postfix-2.3.3/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination smtpd_sasl_auth_enable = yes # SASL来完成SMTP的SMTP-AUTH功能,postfix 本身没有认证机制 smtpd_sasl_local_domain = blog.wxianfeng.com smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot unknown_local_recipient_reject_code = 550 virtual_mailbox_domains = $mydomain
See:
http://www.raidenhttpd.com/jlbb/viewtopic.php?p=82160&sid=661a10a71ded2a6280fdd5ad6ba20101
http://www.linuxgoo.com/2005/66127/10433644999.html
http://blog.csdn.net/daisy_cheung/archive/2009/01/16/3795087.aspx
http://www.cnblogs.com/newversion/articles/1490910.html
环境:centos 5.5 + postfix + dovecot +SASL + Squirrelmail
postfix 提供smtp服务,dovecot 提供pop3,imap服务,sasl提供smtp认证服务, Squirrelmail 是webmail 用来收发邮件之用,最近需要发送email的服务,本想使用gmail的smtp的,后来索性就自己搭了个,以便熟悉mail服务器的搭建过程,一路下来,发现还真不是一件容易的事 ,这个还是比较简单的,还有加密传输,反垃圾邮件处理等等东西没弄,搭建过程中遇到的问题比较多, 问题最大的地方是 例如我用 gmail 发送邮件给 wxianfeng@blog.wxianfeng.com, 邮件收不到,gmail中也没有显示退信信息,说明邮件还是发出去了,最后发现是 postfix 的配置文件 mynetworks 配置错误 ……
上面的是我mail服务器搭建的选择,当然你也可以选择别的mail服务器 , 例如 smtp你可以选择sendmail , 或者你可以看看别人的mail服务器是什么,eg:
[root@li165-150 ~]# telnet vic360.com 25 # 或者 telnet vic360.com smtp Trying 221.6.104.142... Connected to vic360.com. Escape character is '^]'. 220 mail.vic360.com Kerio MailServer 6.3.1 ESMTP ready quit 221 2.0.0 SMTP closing connection Connection closed by foreign host. [root@li165-150 ~]# telnet vic360.com pop3 # 或者 telnet vic360.com 110 Trying 221.6.104.142... Connected to vic360.com. Escape character is '^]'. +OK Kerio MailServer 6.3.1 POP3 server ready <12927.1280636072@mail.vic360.com>
可以看出 vic360 的mail服务器选择的是 Kerio MailServer , 25 一般是 smtp的port , 110 是 pop3 的port
[root@li165-150 ~]# telnet mail.beebuyer.com smtp Trying 218.202.225.66... Connected to mail.beebuyer.com. Escape character is '^]'. 220 mobase.cn ESMTP MDaemon 9.5.1; Sun, 01 Aug 2010 12:21:07 +0800 quit 221 See ya in cyberspace Connection closed by foreign host. [root@li165-150 ~]# telnet mail.beebuyer.com pop3 Trying 218.202.225.66... Connected to mail.beebuyer.com. Escape character is '^]'. +OK mobase.cn POP MDaemon 9.5.1 ready <MDAEMON-F201008011221.AA2142193MD8611@mobase.cn>
可以看出 beebuyer.com 的 mail server 是 MDaemon 9.5.1
okay , 下面介绍 我的 mail server的搭建过程:
1,安装 postfix ,卸载sendmail
yum update yum remove sendmail yum install postfix
2,配置 postfix
>vim /etc/postfix/main.cf myhostname = mail.blog.wxianfeng.com mydomain = blog.wxianfeng.com myorigin = $mydomain inet_interfaces = $myhostname, localhost , 173.230.155.150 # 173.230.155.150 是我服务器IP mydestination = $myhostname,localhost.$mydomain , localhost , $mydomain,mail.$mydomain,www.$mydomain mynetworks = 0.0.0.0/0 home_mailbox = Maildir/ # email的存放地址 , 默认是存放在file中,你还可以配置mysql , 存到mysql 中
3,安装配置SASL + TLS
>yum install cyrus-sasl
>vim /etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = blog.wxianfeng.com
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
4,安装配置 Dovecot
>yum install dovecot >vim /etc/dovecot.conf protocols = pop3 pop3s imap imaps mail_location = maildir:~/Maildir/ # email的存放地址 pop3_uidl_format = %08Xu%08Xv auth default { mechanisms = plain login passdb pam { } userdb passwd { } socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } }
5,安装配置 Squirrelmail
>yum install squirrelmail >vim /etc/httpd/conf.d/squirrelmail.conf Alias /webmail /usr/share/squirrelmail # 配置apache >/usr/share/squirrelmail/config/conf.pl 2 -> 1 Domain : blog.wxianfeng.com # 配置域名 10 -> 2 Default Charset : utf-8 # 配置编码
6,重启所有服务
/etc/init.d/postfix restart /etc/init.d/dovecot restart /etc/init.d/saslauthd restart service httpd restart
7,测试安装是否成功
http://blog.wxianfeng.com:8080/webmail/src/configtest.php
http://blog.wxianfeng.com:8080/webmail 访问, 可以 收发email
8,创建mail用户
>adduser wxianfeng
>passwd 12345
9,本地测试收发email
smtp发:
>telnet localhost smtp Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.blog.wxianfeng.com ESMTP Postfix >ehlo localhost 250-mail.blog.wxianfeng.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN >mail from:wxianfeng 250 2.1.0 Ok >rcpt to:wxianfeng 250 2.1.5 Ok >data 354 End data with <CR><LF>.<CR><LF> test . # 以 . 结束输入 250 2.0.0 Ok: queued as 9729067C17 quit 221 2.0.0 Bye Connection closed by foreign host.
查看 发送队列
[root@mail ~]# cd /home/wxianfeng/Maildir/new [root@mail new]# ls 1185669817.Vfd00I18012M795756.mail.blog.wxianfeng.com [root@mail new]# cat 1185669817.Vfd00I18012M795756.mail.blog.wxianfeng.com
pop3 收 测试:
[root@li165-150 ~]# telnet localhost pop3 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK Dovecot ready. user wxianfeng +OK pass 12345 +OK Logged in. list +OK 11 messages: 1 483 2 453 3 809 4 853 5 2029 6 2671 7 2721 8 2870 9 3178 10 2749 11 2702 . retr 1 +OK 483 octets Return-Path: <wxianfeng@blog.wxianfeng.com> X-Original-To: wxianfeng@blog.wxianfeng.com Delivered-To: wxianfeng@blog.wxianfeng.com Received: from localhost (localhost [127.0.0.1]) by li165-150.blog.wxianfeng.com (Postfix) with ESMTP id D31F91331F for <wxianfeng@blog.wxianfeng.com>; Thu, 29 Jul 2010 03:35:50 -0400 (EDT) Message-Id: <20100729073619.D31F91331F@li165-150.blog.wxianfeng.com> Date: Thu, 29 Jul 2010 03:35:50 -0400 (EDT) From: wxianfeng@blog.wxianfeng.com To: undisclosed-recipients:; test .
10 , 域名 设置
必须保证你的 域名设置那有 mail.blog.wxianfeng.com 指向你的 ip , 或者你有 *.blog.wxianfeng.com 的 泛域名 解析
11,添加 MX record
在你的域名商那添加 MX record ,例如我的在godaddy,什么是mx record: 邮件交换记录(MX record)是一个DNS资源记录类型,它指出哪个主机能够处理一个特定域的e-mail。把godaddy默认的mx record删除掉,我的默认是下面的这两个,删除之:
Priority Host Goes To TTL 10 @ mailstore1.secureserver.net 1 Hour 0 @ smtp.secureserver.net 1 Hour
添加自己的:
Priority Host Goes To TTL
10 @ mail.blog.wxianfeng.com 1 Hour
设置好后 可能过段时间才生效,测试生效方法,.下面结果说明已经生效:
[root@li165-150 ~]# host -t mx blog.wxianfeng.com blog.wxianfeng.com mail is handled by 10 mail.blog.wxianfeng.com.
12,解决Squirrelmail 内中文email的乱码
在option(选项)那设置显示语言为 中文简体即可
13,如果你的Squirrelmail 不可以 收发邮件,可以直接远程telnet 测试
>telnet mail.blog.wxianfeng.com 25 mail from:wxianfeng rcpt to:wang.fl1429@gmail.com ......... >telnet mail.blog.wxianfeng.com 110 user wxianfeng pass 12345 list retr 1 ......
如果telnet 可以发送成功 , 就没 问题….
14,查看错误
如果过程中出现错误,可以随时查看log
>tail -f /var/log/maillog
that’s all , just do it
See :
http://www.mysql-apache-php.com/mailserver.htm
http://www.linuxmail.info/postfix-smtp-server-howto-centos-5/
douban blog 认领标识:
doubanclaim5c7c4eaf84713af2