Mail System Postfix Installation and Configuration (2)

xiaoxiao2021-03-06  108

http://linuxaid.com.cn Bye2000. This article is copyrighted by LinuxAID and the author.

5. Redelivery control for deferred mail

Redelivery of deferred mail is controlled by several parameters:

queue_run_delay: Sets how often the queue manager scans the deferred mail queue. The default is 1000 seconds.
maximal_queue_lifetime: Sets how long a message may remain in the deferred mail queue before Postfix stops trying and returns it to the sender as undeliverable.
minimal_backoff_time: When delivery of a message fails, the queue manager ignores that message for a period of time, which is the time stamp discussed earlier. This parameter sets the smallest such interval. The default is 1000 seconds.
maximal_backoff_time: Sets the largest such interval.

6. Handling denial-of-service attacks

Postfix keeps an error counter for each SMTP session. Each time a client request is not accepted or is a violation, the counter is increased by 1. As the counter grows, Postfix takes different measures to prevent malicious users from mounting a denial-of-service attack.

smtpd_error_sleep_time: While the error counter is still small, Postfix pauses for the time specified by smtpd_error_sleep_time before reporting an error to the client. The default is 5 seconds.
smtpd_soft_error_limit: When the error counter exceeds the value of this parameter, Postfix sleeps for a while before responding to the client's requests. The default is 10.
smtpd_hard_error_limit: When the error counter exceeds the value of this parameter, Postfix drops the connection with the client. The default is 100.

4.5 Postfix's control of resources

Through specific Postfix configuration parameters, we can flexibly control the resources that Postfix consumes at run time. The resources consumed by Postfix can be controlled in the following ways:

1. Limit the size of objects in memory

To control memory consumption, the size of the objects held in memory must be controlled. The following parameters control object sizes:

line_length_limit: Controls the size of each line when reading data. A line that is too long is split into shorter lines and reassembled later. The default is 2048 bytes.
header_size_limit: Limits the length of the message header. The default is 102400 bytes.
message_size_limit: Limits the size of a Postfix queue file. The default is 10240000 bytes.
queue_minfree: Sets the amount of free space that must be available in the mail queue. The default is no limit. It is recommended to set a value large enough to process large messages.
bounce_size_limit: Limits how much of an undeliverable message is returned to the sender. The default is 50000 bytes.

2. Limit the number of internal objects

qmgr_message_recipient_limit: Sets the maximum number of recipient addresses held in memory. The default is 10000.
qmgr_message_active_limit: Sets the maximum number of messages in the active mail queue. The default is 1000.
duplicate_filter_limit: Sets the maximum number of recipient addresses that the local and cleanup daemons must remember. The default is 1000.

3. Limit the time spent waiting for an external command to complete

command_time_limit: Sets how long the local program waits for an external command to complete. The default is 1000 seconds.

4. Limit file locking operations

deliver_lock_attempts: Sets the maximum number of attempts to lock a file. The default is 5 times.

deliver_lock_delay: Sets how long to wait before trying again when the file is already locked. The default is 1 second.

5. Control error recovery

In some cases (such as high load) a Postfix process may die, and the master process will then try to restart it. This behavior is controlled by the following parameters:

fork_attempts: Sets the maximum number of attempts to fork a process. The default is 5 times.
fork_delay: Sets the waiting time between two attempts. The default is 1 second.
transport_retry_time: Sets the interval between the queue manager's attempts to contact a delivery agent that is not working properly. The default is 60 seconds.

4.6 Address manipulation in Postfix

1. Rewriting addresses into the standard format

A new mail address is first handed to the trivial-rewrite process, which rewrites it into the standard user@fully.qualified.domain format. The purpose of rewriting is to reduce the number of entries needed in the lookup tables and so improve lookup efficiency. The trivial-rewrite process performs the following rewrites:

* An address with source routing information such as @hosta,@hostb:user@site is rewritten to user@site, because Postfix does not support address formats that contain source routing information.
* An address of the form user%domain is rewritten to user@domain. This feature is controlled by the allow_percent_hack parameter, whose default value is yes.
* An address containing only user is rewritten to user@$myorigin. This feature is controlled by the append_at_myorigin parameter, whose default value is yes. It is best not to change the default, because most Postfix processes handle addresses of the form user@$myorigin better.
* An address of the form user@host is rewritten to user@host.$mydomain. This feature is controlled by the append_dot_mydomain parameter, whose default value is yes.
* An address of the form user@site. has the trailing dot removed.

2. Canonical address mapping

Before the cleanup process stores a message in the incoming mail queue, it rewrites addresses according to the canonical lookup table. This is mainly used to rewrite addresses into the firstname.lastname style and to clean up invalid domains. By default Postfix does not perform canonical address mapping; it takes effect when you set the canonical_maps parameter, for example:

    canonical_maps = hash:/etc/postfix/canonical

Separate rewriting tables can also be specified for senders and recipients. The parameters sender_canonical_maps and recipient_canonical_maps take precedence over canonical_maps. For example:

    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    recipient_canonical_maps = hash:/etc/postfix/recipient_canonical

3. Address masquerading

Address masquerading rewrites an address of the form user@host.domain into user@domain or user@other.domain, so that the mail appears to have been sent from another mail server.

Masquerading is disabled by default. It takes effect when you set the masquerade_domains parameter, for example:

    masquerade_domains = $mydomain

Users can be excluded from masquerading with the masquerade_exceptions parameter, for example:

    masquerade_exceptions = root

Note: address masquerading only takes effect on the sender address.

4. Virtual address mapping

After canonical address mapping and address masquerading, cleanup uses the virtual table to redirect the message for all recipients. Note that this operation only acts on the envelope recipient address. In this way, messages sent to a virtual domain can be delivered to a real user's mailbox. The system alias database can play the same role. By default this feature is disabled; it takes effect when you set the virtual_maps parameter, for example:

    virtual_maps = hash:/etc/postfix/virtual

5. Relocated database lookup

The relocated table provides information for mail sent to users who no longer have an account on the system. By default this feature is disabled; it takes effect when you set the relocated_maps parameter, for example:

    relocated_maps = hash:/etc/postfix/relocated

6. Alias database lookup

When a message is delivered locally, the local delivery agent looks up the recipient in the alias database (/etc/aliases under Linux). This operation does not act on the addresses in the message headers. Use alias_maps to specify the alias database. By default this feature is enabled, for example:

    alias_maps = hash:/etc/aliases

The path to the alias database is controlled by the alias_database parameter, for example:

    alias_database = hash:/etc/aliases

5. Postfix configuration examples

5.1 Configuring Postfix for dial-up users

Assume a small company that sends mail through its ISP's SMTP server (domain name mail.isp.com, IP address 201.110.1.100). Employees inside the company send and receive mail through the company's own SMTP server, which runs Postfix. Let's configure the SMTP server inside the company.
1. Because there is no fixed IP address and domain name, you must specify the ISP's SMTP server as the mail gateway (smart host) with the following parameter:

    relayhost = [201.110.1.100]

Note: the value of relayhost can be domain, host, host:port, [address] or [address:port].

2. When it receives new mail, Postfix tries to deliver the message immediately. If the company's internal SMTP server connects by dial-on-demand, every delivery attempt triggers a dial-out to the Internet, which adds to the connection charges. In this case we can use Postfix's defer_transports parameter to hold new mail until Postfix is explicitly asked to deliver it:

    defer_transports = smtp

If we add the following command to a PPP script (such as /etc/ppp/ip-up.local), Postfix delivers mail only after dialing has succeeded:

    # flush the deferred queue once the link is up
    /usr/sbin/sendmail -q

3. Because we forward all mail to the mail gateway (201.110.1.100) instead of delivering it ourselves, we do not need DNS, so we turn off DNS lookups with the following parameter:

    disable_dns_lookups = yes

4. To make sure we can receive replies, domain masquerading must be performed:

    masquerade_domains = isp.com

Here is our main.cf configuration file:

    # mail gateway
    relayhost = [201.110.1.100]
    # deliver mail only after dialing has succeeded
    defer_transports = smtp
    # turn off DNS lookups
    disable_dns_lookups = yes
    # general conventional configuration
    queue_directory = /var/spool/postfix
    program_directory = /usr/libexec/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    default_privs = nobody
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 10
    debug_peer_level = 2
    debugger_command =
        PATH=/usr/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5
    # the local network is assumed to be 192.168.1.1/24
    mynetworks = 192.168.1.1/24
    # host specific information
    myhostname = yourhost.isp.?.com
    mydomain = local.isp.com
    myorigin = $mydomain
    # where do we receive mail and who do we accept/receive mail for
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, $mydomain
    default_transport = smtp
    masquerade_domains = isp.com

Note: first, $mydomain, $myorigin and $mydestination here cannot be isp.com. If they are set to isp.com, the internal SMTP server assumes that mail for that domain is addressed to itself and only tries to deliver it locally, so the only result is an "unknown user" error.

Second, this configuration only covers sending mail out through the ISP's SMTP server. It lacks a way to fetch mail from the ISP's mail server, which can only be done with mail client software such as Outlook or Foxmail.

5.2 Configuring Postfix for small and medium-sized enterprise users

Assume a company with thousands of employees that has its own Internet connection. The company now decides to build its own mail system with Postfix. We assume that the company's domain is some.com, the mail server's domain name is mail.some.com with the address 202.200.180.2, and the DNS server's domain name is dns.some.com with the address 202.200.180.1.

1. Configure the DNS server and set the MX record to point to mail.some.com.

The relevant configuration file is /var/named/some.com (assuming the zone file is called some.com; please refer to the relevant chapter of this book). Its content is as follows:

    @       IN  SOA  dns.some.com. root.dns.some.com. (
                     2000011307 ; serial
                     28800      ; refresh, seconds
                     14400      ; retry, seconds
                     3600000    ; expire, seconds
                     86400 )    ; minimum, seconds
    @       IN  NS   dns.some.com.
    @       IN  A    202.200.180.1
    @       IN  MX   10 mail
    host    IN  A    127.0.0.1
    dns     IN  A    202.200.180.1
    mail    IN  A    202.200.180.2
    host1   IN  A    202.200.180.3
    host2   IN  A    202.200.180.4

2. Configure Postfix. Its configuration file and the related explanations are as follows:

    # general path information
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_spool_directory = /var/spool/mail
    # the owner of the messages and of the mail queue is postfix
    mail_owner = postfix
    # the mail server's host name
    myhostname = mail.some.com
    # the mydomain, myorigin and mydestination parameters
    mydomain = some.com
    myorigin = $mydomain
    mydestination = $mydomain
    # interfaces the postfix service listens on
    inet_interfaces = all
    # how local recipient user names are looked up; the default is to query
    # the /etc/passwd file and the alias database
    local_recipient_maps = $alias_maps unix:passwd.byname
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    # the final local delivery agent; here we use the popular procmail
    mailbox_command = /usr/bin/procmail
    # set this value to $mydomain for the clients' connections
    relay_domains = $mydomain
    mynetworks = 202.200.180.0/24
    # host name and version information shown to users
    smtpd_banner = $myhostname ESMTP $mail_name
    # keep the system default values for concurrent processes
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 10
    # if you do not know what you are doing, it is best not to change the following settings
    debug_peer_level = 2
    debugger_command =
        PATH=/usr/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5

3. On Red Hat we usually use the imap package as the POP3 server. You can check whether imap is installed with the rpm -q imap command. If it is not installed, insert the Linux disc and install it with rpm -ivh imap-4.5-4.rpm.

4. By default the POP3 server is started by inetd, so you must edit the /etc/inetd.conf file and remove the comment mark from the line about POP3, as shown below:

    pop-3 stream tcp nowait root /usr/sbin/ipop3d ipop3d

5. Restart the inet server and start postfix:

    # /etc/rc.d/init.

Then via the firewall (a dual-homed host) doing IP masquerading, the company's mail server (mail.some.com) is also on the internal network and also uses a private IP address. We assume that port forwarding on the firewall forwards requests arriving from the Internet at port 25 of the firewall to the internal mail server, and that the MX record of the DNS service running on the firewall points to the firewall itself. In this example, I want to focus on the usage of mapping files.

The main.cf configuration file and the related explanations are as follows:

    # identify ourselves
    myhostname = mail.some.com
    mydomain = some.com
    mydestination = $mydomain, $myhostname, localhost.$mydomain
    myorigin = $mydomain
    # let Postfix listen on all interfaces
    inet_interfaces = all
    # accept SMTP connection requests from internal network users
    mynetworks = 192.168.0.0/8
    # the rejection list
    maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com
    # restrictions on connecting clients
    smtpd_client_restrictions =
        # accept the connection if the client IP is within the range defined by $mynetworks
        permit_mynetworks,
        reject_unknown_hostname
    # restrictions by sender address
    smtpd_sender_restrictions = permit_mynetworks,
        check_sender_access hash:/etc/postfix/access
    # the virtual host database; do not forget to run "postmap virtual" to convert the format
    virtual_maps = hash:/etc/postfix/virtual
    # forward mail for users without a system account, such as employees who have left the company
    relocated_maps = hash:/etc/postfix/relocated
    # the alias database
    alias_maps = hash:/etc/postfix/aliases
    # we use the smtp delivery agent
    default_transport = smtp
    # some general settings
    mail_owner = postfix
    default_privs = nobody
    # path information
    queue_directory = /var/spool/postfix
    program_directory = /usr/libexec/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail
    # concurrent connections
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 10

Then we run the following commands:

    # enter the Postfix configuration directory
    cd /etc/postfix
    # initialize the alias database with newaliases
    newaliases
    # build the virtual, access and relocated lookup databases with postmap
    postmap virtual
    postmap access
    postmap relocated
    # start postfix
    /etc/rc.d/init.d/postfix start

Now let's look at the format of the virtual, access and relocated lookup files. Here is an example with comments for each of these files:

    #virtual file sample
    # Assume that we have a virtual domain in this example
    Other.comoother.com

    #access file sample
    # If the preceding condition is met, there are three possible actions:
    # 1. [45]XX $message: reject, and show a predefined message to the client
    # 2. REJECT: reject, without showing a message
    # 3. OK: allow the connection
    ispy99@noman.com OK
    202.192 REJECT

    #relocated file sample
    # This file is mainly for mail sent to users without a system account
    whom@some.com ontwo@newone.com

6. Postfix command line tools and other topics

Let's take a look at the Postfix command line tools; using them may make Postfix easier to manage.

6.1 Sendmail-compatible command line tools

1. mailq
Lists the mail queue. Each entry includes the following information: the queue file ID, the size of the message, the arrival time, the sender, the recipients, and the reason for the delay (if delivery is delayed). This command obtains the queue information by contacting the showq daemon. It takes no parameters.

2. newaliases
Initializes the alias database. If you do not specify a database type, the system default type is used (hash under Linux). This command can be run without parameters.

6.2 Command line tools that come with Postfix

1. postcat
Prints the contents of a mail queue file. Give the name of the queue file to display after the command; the -v parameter produces verbose output.

2. postconf
Prints the values of configuration parameters or other information about Postfix. -d prints the default values of the configuration parameters. -m lists all supported lookup table types. Without parameters it prints the values the configuration parameters are set to.

3. postmap
Creates a Postfix lookup database. The database can be created directly from the source file without any parameters.

6.3 Postfix log

The Postfix log file is located at /etc/log/maillog. It contains startup information, error information, and the sessions with other SMTP servers.

As shown below:

    Sep 10 05:54:17 mail postfix/smtpd[5072]: disconnect from unknown[204.140.244.150]
    Sep 10 06:06:00 mail postfix/qmgr[467]: 50D403DF8: from=, size=6591 (queue active)
    Sep 10 06:11:06 mail postfix/smtp[5085]: connect to bjmx2.163.net[202.108.255.241]: read timeout (port 25)
    Sep 10 06:16:07 mail postfix/smtp[5085]: connect to bjmx3.163.net[202.108.255.242]: read timeout (port 25)
    Sep 10 06:21:08 mail postfix/smtp[5085]: connect to bjmx1.163.net[202.108.255.240]: read timeout (port 25)

6.4 Using a MySQL database in Postfix

We can add code for a MySQL map type to Postfix, so that data Postfix looks up, such as the alias database, can be stored in a MySQL database and Postfix obtains the result with a MySQL query. This helps improve the running efficiency of Postfix, and it is especially useful when the mapping data has to change constantly.

1. Add support for MySQL database maps to Postfix. Since this code uses the MySQL client library, we must install the MySQL development package. You can download the MySQL development package from www.redhat.com and other Linux related sites, or get it from some Linux resource CDs, for example MySQL-client-3.22.30-1.i386.rpm.

b. Install the development package:

    rpm -ivh MySQL-client-3.22.30-1.i386.rpm

c. Download the Postfix source package and follow "3.1 source package installation" in this chapter, but before running the make command, execute the following:

    make -f Makefile.init makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql' 'AUXLIBS=/usr/lib/mysql/libmysqlclient.a -lm'

5. Configuring Postfix MySQL database maps

We will use alias_maps to explain.
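
The rewriting steps listed under 4.6, item 1, can be modelled in a few lines. The following Python is an added example, not code from the article or from Postfix; it applies the listed rules in the order given, and the function name rewrite_address, the some.com defaults and the sample addresses are assumptions of the example.

```python
# Added example: a simplified model of the rewriting steps in 4.6 item 1.
# Names, defaults and sample addresses are assumptions of this example.

def rewrite_address(addr, myorigin="some.com", mydomain="some.com",
                    allow_percent_hack=True, append_at_myorigin=True,
                    append_dot_mydomain=True):
    """Return addr rewritten toward user@fully.qualified.domain form."""
    addr = addr.strip()

    # Source route: "@hosta,@hostb:user@site" -> "user@site".
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]

    if "@" not in addr:
        if allow_percent_hack and "%" in addr:
            # "user%domain" -> "user@domain". Only forms without "@" qualify,
            # so "user%inner@relay" is left alone.
            local, _, domain = addr.rpartition("%")
            addr = f"{local}@{domain}"
        elif append_at_myorigin:
            # Bare "user" -> "user@$myorigin".
            addr = f"{addr}@{myorigin}"

    local, at, domain = addr.rpartition("@")
    if not at or not domain:
        return addr  # still unqualified, or a broken "user@" form

    # "user@host" -> "user@host.$mydomain" when the domain has no dot at all.
    if append_dot_mydomain and "." not in domain:
        domain = f"{domain}.{mydomain}"

    # "user@site." -> "user@site": drop one trailing dot, but not "..".
    if len(domain) > 1 and domain.endswith(".") and not domain.endswith(".."):
        domain = domain[:-1]

    return f"{local}@{domain}"


def demo():
    """Rewrite one constructed sample per rule and return the results."""
    samples = [
        "@hosta,@hostb:user@site.example",
        "user%other.example",
        "user",
        "user@host",
        "user@site.example.",
        "user%inner.example@relay.example",
    ]
    return {s: rewrite_address(s) for s in samples}


if __name__ == "__main__":
    for before, after in demo().items():
        print(f"{before:36} -> {after}")
```

The result is the form that lookup tables such as canonical, virtual and access are keyed on, which is why an address written as user%domain or with a source route has to be read in its rewritten form when reviewing those tables.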
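
Because permit_mynetworks accepts every client inside $mynetworks, a prefix written with the wrong mask trusts far more hosts than intended. This added Python example (not from the article or from Postfix) reads mynetworks from a main.cf text and reports entries whose host bits are set and entries that reach public address space; the main.cf fragment and the function names are constructed for the example.

```python
import ipaddress
import re

# Constructed main.cf fragment for this example (not a recommended configuration).
SAMPLE_MAIN_CF = """\
myhostname = mail.some.com
mynetworks = 192.168.1.1/24, 202.200.180.0/24
    192.168.0.0/8 127.0.0.0/8
relay_domains = $mydomain
"""


def get_param(text, name):
    """Return a main.cf value. Lines starting with whitespace continue the
    previous parameter, and the last definition of a parameter wins."""
    value, active = [], False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if active:
                value.append(line.strip())
            continue
        key, sep, rest = line.partition("=")
        active = bool(sep) and key.strip() == name
        if active:
            value = [rest.strip()]
    return " ".join(value)


def audit_mynetworks(text):
    """Return (entry, finding) pairs for the mynetworks entries in text."""
    findings = []
    for item in re.split(r"[,\s]+", get_param(text, "mynetworks")):
        if not item:
            continue
        try:
            given = ipaddress.ip_interface(item)
        except ValueError:
            # File names, type:table lookups and !negations are not evaluated here.
            findings.append((item, "not a literal address or CIDR, check by hand"))
            continue
        net = given.network
        if given.ip != net.network_address:
            findings.append((item, f"host bits set, prefix covers {net}"))
        if not (net.is_private or net.is_loopback):
            findings.append((item, "covers public address space"))
    return findings


if __name__ == "__main__":
    for entry, finding in audit_mynetworks(SAMPLE_MAIN_CF):
        print(f"{entry:20} {finding}")
```

An entry such as 192.168.0.0/8 is reported twice: its host bits are set, and the /8 prefix it implies (192.0.0.0/8) is mostly public address space. A public range that really is your own, such as a company /24, is still listed so that it gets confirmed by hand.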
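
The log format shown in 6.3 is regular enough to triage automatically. This added Python example (not part of the article) parses such lines and counts outbound connection failures per destination domain and inbound clients logged as unknown; the regular expressions and function names are assumptions of the example, and the sender address in the sample is a placeholder.

```python
import re
from collections import Counter

# Sample lines in the format shown in section 6.3. The sender address is a
# placeholder and the last line is constructed to exercise the unparsed path.
SAMPLE_LOG = """\
Sep 10 05:54:17 mail postfix/smtpd[5072]: disconnect from unknown[204.140.244.150]
Sep 10 06:06:00 mail postfix/qmgr[467]: 50D403DF8: from=<placeholder@some.com>, size=6591 (queue active)
Sep 10 06:11:06 mail postfix/smtp[5085]: connect to bjmx2.163.net[202.108.255.241]: read timeout (port 25)
Sep 10 06:16:07 mail postfix/smtp[5085]: connect to bjmx3.163.net[202.108.255.242]: read timeout (port 25)
Sep 10 06:21:08 mail postfix/smtp[5085]: connect to bjmx1.163.net[202.108.255.240]: read timeout (port 25)
this line is not syslog output
"""

LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_FAIL = re.compile(
    r"^connect to (?P<mx>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<why>.+?)(?: \(port \d+\))?$")
UNKNOWN_CLIENT = re.compile(
    r"^(?:connect|disconnect) from unknown\[(?P<ip>[^\]]+)\]")


def parse_line(line):
    """Split one maillog line into its fields, or return None."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def summarize(lines):
    """Count outbound connect failures and inbound clients without a name."""
    failures = Counter()  # (destination domain, reason) -> count
    unknown = Counter()   # client IP logged as "unknown" -> count
    unparsed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["daemon"] == "smtp":
            m = CONNECT_FAIL.match(rec["msg"])
            if m:
                # Naive grouping: the last two labels of the MX host name.
                domain = ".".join(m["mx"].split(".")[-2:])
                failures[(domain, m["why"])] += 1
        elif rec["daemon"] == "smtpd":
            m = UNKNOWN_CLIENT.match(rec["msg"])
            if m:
                unknown[m["ip"]] += 1
    return {"outbound_failures": dict(failures),
            "unknown_clients": dict(unknown),
            "unparsed": unparsed}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

Three timeouts against the MX hosts of one domain explain why mail for it sits in the deferred queue, and a client address that keeps appearing as unknown is a candidate for the access table.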
