vi /etc/postfix/main.cf
75 myhostname =mail.tencongty.com
83 mydomain = tencongty.com
99 myorigin = $mydomain
116 inet_interfaces = all
119 inet_protocols = ipv4
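164 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# NOTE: every client in mynetworks may relay mail without authenticating; list only the subnets you actually operate rather than all of 10.0.0.0/8
264 mynetworks =10.0.0.0/8, 127.0.0.0/8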
419 home_mailbox = Maildir/
545 header_checks = regexp:/etc/postfix/header_checks
546 body_checks = regexp:/etc/postfix/body_checks
678 # limit an email size 10M
679 message_size_limit = 10485760
680 # limit mailbox 1G
681 mailbox_size_limit = 1073741824
# for SMTP-Auth settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_client_restrictions = permit_mynetworks,reject_unknown_client,permit
smtpd_recipient_restrictions = permit_mynetworks,permit_auth_destination,permit_sasl_authenticated,reject
[root@mail ~]# vi /etc/postfix/header_checks
# add at the head
# reject if email address is empty
/^From:.*<#.*@.*>/ REJECT
/^Return-Path:.*<#.*@.*>/ REJECT
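[root@mail ~]# vi /etc/postfix/body_checks
# reject if includes 'example.com' in mail body
# NOTE: the unescaped '.' matches any character; write example\.com to match only the literal domain
/^(|[^>].*)example.com/ REJECT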
dovecot config
[root@mail ~]# yum -y install dovecot
[root@mail ~]# vi /etc/dovecot/dovecot.conf
# line 20: uncomment (remove the leading #)
# line 31: change ( if not use IPv6 )
listen = *
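[root@mail ~]# vi /etc/dovecot/conf.d/10-auth.conf
# line 9: uncomment and change ( allow plain text auth )
# NOTE: with this set to no, IMAP/POP3 clients can send PLAIN/LOGIN passwords over unencrypted connections; leave it at yes, or set ssl = required in 10-ssl.conf, unless legacy clients force the change
disable_plaintext_auth = no
# line 97: add
auth_mechanisms = plain login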
[root@mail ~]# vi /etc/dovecot/conf.d/10-mail.conf
# line 30: uncomment and add
mail_location = maildir:~/Maildir
[root@mail ~]# vi /etc/dovecot/conf.d/10-master.conf
# line 84-86: uncomment and add
# Postfix smtp-auth
# NOTE: mode 0666 lets every local account connect to the auth socket; because the socket is owned by postfix:postfix below, mode = 0660 is sufficient
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  # add
  group = postfix
  # add
}
[root@mail ~]# /etc/rc.d/init.d/dovecot start
Starting Dovecot Imap: [ OK ]
[root@mail ~]# chkconfig dovecot on
[root@mail ~]# cd /etc/pki/tls/certs
[root@mail certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
..................................................................+++
..+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
# strip the passphrase so the mail daemons can load the key without a prompt; from here on the key is protected only by its file permissions (see the chmod 400 below)
[root@mail certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@mail certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:vn
State or Province Name (full name) []:Hochiminh
Locality Name (eg, city) [Default City]:Hochiminh
Organization Name (eg, company) [Default Company Ltd]:edu
Organizational Unit Name (eg, section) []:tencongty
Common Name (eg, your name or your server's hostname) []:mail.tencongty.com
Email Address []:admin@tencongty.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@mail certs]#
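# self-signed for 10 years: mail clients cannot verify this certificate against a CA and will warn or need it trusted manually; use a CA-issued certificate on a production server
[root@mail certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=vn/ST=Hochiminh/L=Hochiminh/O=edu/OU=tencongty/CN=mail.tencongty.com/emailAddress=admin@tencongty.com
Getting Private key
[root@mail certs]# chmod 400 server.*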
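[root@mail certs]# vi /etc/postfix/main.cf
add last line
# use TLS
# NOTE: smtpd_use_tls = yes only offers opportunistic STARTTLS (newer Postfix spells it smtpd_tls_security_level = may); add smtpd_tls_auth_only = yes so the SASL AUTH enabled earlier in this file is never offered on an unencrypted session
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache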
[root@mail certs]# vi /etc/postfix/master.cf
17 smtps inet n - n - - smtpd
18   -o smtpd_tls_wrappermode=yes
[root@mail certs]# vi /etc/dovecot/conf.d/10-ssl.conf
6 ssl = yes
7
8 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
9 # dropping root privileges, so keep the key file unreadable by anyone but
10 # root. Included doc/mkcert.sh can be used to easily generate self-signed
11 # certificate, just make sure to update the domains in dovecot-openssl.cnf
12 ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
13 ssl_key = </etc/pki/dovecot/private/dovecot.pem
web mail
[root@mail certs]# yum -y install httpd
[root@mail certs]# rm -f /etc/httpd/conf.d/welcome.conf
[root@mail certs]# rm -f /var/www/error/noindex.html
[root@mail certs]# ln -s /usr/bin/perl /usr/local/bin/perl
[root@www ~]# vi /etc/httpd/conf/httpd.conf
# line 44: change
ServerTokens Prod
# line 76: change to ON
KeepAlive On
# line 262: Admin's address
ServerAdmin root@tencongty.com
# line 276: change to your server's name
ServerName www.tencongty.com:80
# line 331: change (enable CGI and disable Indexes)
# NOTE: ExecCGI here plus the AddHandler line below makes Apache execute every .cgi/.pl file under this directory, and AllowOverride All lets .htaccess files change these options; enable both only on the directories that need them
Options FollowSymLinks ExecCGI
# line 338: change
AllowOverride All
# line 402: add file names that are served when only the directory's name is requested
DirectoryIndex index.html index.cgi index.php
# line 536: change
ServerSignature Off
# line 759: make it comment
#AddDefaultCharset UTF-8
# line 796: uncomment and add the file types that Apache treats as CGI
AddHandler cgi-script .cgi .pl
[root@www ~]# /etc/rc.d/init.d/httpd start
Starting httpd: [ OK ]
[root@www ~]# chkconfig httpd on