# Unprivileged owner for the virtual maildirs; Dovecot's user_query later maps
# every mailbox to uid/gid 666, so both ids are pinned here.
groupadd --gid 666 vmail
useradd --uid 666 --gid 666 --shell /sbin/nologin vmail
#############dovecot+mysql##################
1
# dovecot-mysql: the Dovecot plugin that lets it query MySQL/MariaDB.
yum -y install dovecot-mysql.x86_64
2
vim /etc/dovecot/dovecot.conf
24 protocols = imap pop3 lmtp #支援收件協定
48 login_trusted_networks = 0.0.0.0/0 #信任網絡(此處信任所有來源,僅適用於實驗環境)
49 disable_plaintext_auth = no #開啟明文認證(允許在未加密連線上送出密碼;正式環境應保持預設值 yes 並搭配 TLS)
vim /etc/dovecot/conf.d/10-auth.conf
123 !include auth-sql.conf.ext #開啟mysql的認證方式
#生成dovecot讀取mysql的配置
# Seed the SQL lookup config from the packaged example; edited below.
cp -- /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
vim /etc/dovecot/dovecot-sql.conf.ext
32 driver = mysql #資料庫類型
71 connect = host=localhost dbname=email user=postuser password=postuser #查詢時用到的資訊(此檔含資料庫明文密碼,應限制檔案讀取權限)
78 default_pass_scheme = PLAIN #資料庫中的密碼欄位以明文儲存(未經雜湊)
107 password_query = \ #查詢密碼比對
108 SELECT username, domain, password \ ##查詢使用者,域名,密碼
109 FROM emailuser WHERE username = '%u' AND domain = '%d' ##從emailuser表中查詢
125 user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM emailuser WHERE username = '%u'
##查詢郵件内部内容
vim /etc/dovecot/conf.d/10-mail.conf
30 mail_location = maildir:/home/vmail/%d/%n #指定郵件位置
168 first_valid_uid = 666 #郵件檔案查詢使用者身份
175 first_valid_gid = 666
# Apply the Dovecot changes, then confirm the services the mail stack depends on are up.
systemctl restart dovecot.service
for unit in httpd mariadb firewalld; do
  systemctl status "${unit}.service"
done
測試
# telnet is only used below to drive the POP3 dialogue by hand.
yum -y install telnet
[root@westos-mail ~]# telnet 172.25.254.117 110
Trying 172.25.254.117...
Connected to 172.25.254.117.
Escape character is '^]'.
+OK [XCLIENT] Dovecot ready.
user [email protected] #建立表中的使用者名
+OK
pass jia #建立表中的密碼(可在網頁上檢視)
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.
################空殼郵件##################
reset 217
配置eth0 yum
# Hostname must match the myhostname value set in main.cf below.
hostnamectl set-hostname 'nullmail.example.com'
vim /etc/postfix/main.cf
75 myhostname = nullmail.example.com
83 mydomain = example.com
99 myorigin = westos.com # 設定為真實的主機域名
113 inet_interfaces = all
164 mydestination = ##空殼郵件不接受郵件,所以不設定
316 relayhost = 172.25.254.117 ##接替的真實主機的IP
# Reload the null-client settings.
systemctl restart postfix
217
[root@nullmail ~]# mail root
Subject: 345
.
EOT
[root@nullmail ~]# mailq
Mail queue is empty
117
[root@westos-mail ~]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 3 messages 2 unread
>U 1 Mail Delivery System Wed May 31 04:15 73/2309 "Undelivered Mail Retu"
2 root Wed May 31 10:07 22/752 "fdsf"
U 3 root Wed May 31 10:09 22/750 "345"
& 3
Message 3:
From [email protected] Wed May 31 10:09:02 2017
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Date: Wed, 31 May 2017 10:09:03 -0400
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: [email protected] (root)
Status: RO
##################iptables###################
iptables是一個工作于使用者空間的防火牆應用軟體
三表五鍊
filter表 mangle表 nat表
INPUT鍊 OUTPUT鍊 FORWARD鍊 PREROUTING鍊 POSTROUTING鍊
reset 117,217
# firewalld and the iptables service both manage the same netfilter rules;
# take firewalld out of the picture before hand-writing rules below.
systemctl stop firewalld.service
systemctl disable firewalld.service
117 雙網卡
IPADDR=172.25.0.217
PREFIX=24
GATEWAY=172.25.0.117
iptables
-t ##指定表名稱
-n ##不做解析
-L ##列出指定表中的政策
-A ##增加政策
-p ##網絡協定
--dport ##端口
-s ##資料來源
-j ##動作
ACCEPT ##允許
REJECT ##拒絕
DROP ##丢棄
-N ##增加鍊
-E ##修改鍊名稱
-X ##删除鍊
-D ##删除指定政策
-I ##插入
-R ##修改政策
-P ##修改預設政策
# List the filter table without DNS/port name resolution.
iptables --table filter --numeric --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# Flush every rule in the filter table (the default table when -t is omitted).
# Note: -F removes rules only; the chain policies set with -P stay in place.
iptables --flush
# Persist the current rule set.
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
# Rules are evaluated top-down, so the catch-all REJECT must be appended last.
iptables --append INPUT --in-interface lo --jump ACCEPT                 # loopback
iptables --append INPUT --protocol tcp --dport 22 --jump ACCEPT          # SSH
iptables --append INPUT --source 172.25.254.250 --jump ACCEPT            # host .250
iptables --append INPUT --jump REJECT                                    # everything else
# Chain management: create, rename, delete a user-defined chain.
iptables --new-chain redhat
iptables --rename-chain redhat westos
iptables --delete-chain westos
# Delete the second rule of INPUT by index.
iptables --delete INPUT 2
iptables: Index of deletion too big.
# Insert at position 1 of INPUT, then replace that same rule.
iptables --insert INPUT --protocol tcp --dport 80 --jump REJECT
iptables --replace INPUT 1 --protocol tcp --dport 80 --jump ACCEPT
# Change the INPUT chain's default policy (applies to packets no rule matched).
iptables --policy INPUT DROP
iptables --policy INPUT ACCEPT
提高通路速度,緩解通路壓力方法
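# Stateful INPUT policy. Run this after `iptables -F`: -A appends, so these rules
# would otherwise land behind any REJECT-all rule still in the chain and never match.
#
# Accept packets belonging to connections already allowed. Without this line only
# the first (NEW) packet of each SSH/HTTP connection is accepted; every later
# packet is ESTABLISHED and falls through to the final REJECT, so no connection
# survives past its first packet and replies to this host's own outbound
# connections are rejected too.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -m state --state NEW -j ACCEPT               # loopback
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT   # SSH
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT   # HTTP
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT  # HTTPS (stray leading '[' removed)
# DNS over TCP only; DNS also uses UDP/53 — add a matching -p udp rule if this
# host serves DNS (confirm against the intended service).
iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
iptables -A INPUT -j REJECT                                          # everything else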
# Show the current forwarding-related kernel settings.
sysctl --all | grep forward
net.ipv4.ip_forward = 0
vim /etc/sysctl.conf ##開啟核心路由
net.ipv4.ip_forward = 1
# Load /etc/sysctl.conf so net.ipv4.ip_forward = 1 takes effect.
sysctl --load
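# NAT on the dual-homed host; needs net.ipv4.ip_forward = 1 (set above).
#
# Inbound: rewrite the destination of traffic arriving on eth0 to 172.25.0.117.
# There is no -p/--dport here, so *every* packet entering eth0 is redirected;
# restrict this to the needed ports for anything beyond a lab.
iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 172.25.0.117
#
# Outbound: rewrite the source of traffic leaving via eth0 to 172.25.254.117.
# SNAT (and the -o match) is only valid in POSTROUTING; the PREROUTING form in
# the original note is rejected by iptables.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.117
# The original note says eth0 is the NIC on the 172.25.0.0 network — confirm,
# since the DNAT target (172.25.0.x) and the SNAT source (172.25.254.x) are on
# different networks and normally belong to different interfaces.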
本文轉自 漂浮的天堂 51CTO部落格,原文連結:http://blog.51cto.com/12774215/1931153,如需轉載請自行聯系原作者