postfix+mariadb 空殼郵件iptables

####################postfix+mariadb###################
1.準(zhǔn)備工作
[root@westos-mail ~]# yum install mariadb php php-MySQL httpd dovecot dovecot-mysql -y
安裝有關(guān)軟件
2.配置文件
[root@westos-mail ~]# vim /etc/dovecot/dovecot.conf
       24 protocols = imap pop3 lmtp
       48 login_trusted_networks = 0.0.0.0/0
       49 disable_plaintext_auth = no
[root@westos-mail ~]# vim /etc/dovecot/conf.d/10-auth.conf
       123 !include auth-sql.conf.ext
[root@westos-mail ~]# cd /etc/dovecot/conf.d
[root@westos-mail conf.d]# ls
10-auth.conf       20-imap.conf                 auth-dict.conf.ext
10-director.conf   20-lmtp.conf                 auth-ldap.conf.ext
10-logging.conf    20-pop3.conf                 auth-master.conf.ext
10-mail.conf       90-acl.conf                  auth-passwdfile.conf.ext
10-master.conf     90-plugin.conf               auth-sql.conf.ext
10-ssl.conf        90-quota.conf                auth-static.conf.ext
15-lda.conf        auth-checkpassword.conf.ext auth-system.conf.ext
15-mailboxes.conf auth-deny.conf.ext           auth-vpopmail.conf.ext
[root@westos-mail conf.d]# cp /usr/share/doc/dovecot-2.2.10/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
[root@westos-mail conf.d]# vim /etc/dovecot/dovecot-sql.conf.ext
32 driver = mysql
71 connect = host=localhost dbname=email user=postuser password=postuser
78 default_pass_scheme = PLAIN
107 password_query = \
108   SELECT username, domain, password \
109   FROM emailuser WHERE username = '%u' AND domain = '%d'
125    user_query = SELECT maildir, 666 AS uid, 666 AS gid FROM emailuser WHER    E username = '%u'
[root@westos-mail conf.d]# vim 10-mail.conf
30 mail_location = maildir:/home/vmail/%d/%n
168 first_valid_uid = 666
175 first_valid_gid = 666
[root@westos-mail conf.d]# yum install -y telnet
[root@westos-mail conf.d]# systemctl restart dovecot

測(cè)試
[root@westos-mail conf.d]# telnet 172.25.254.101 110
Trying 172.25.254.101...
Connected to 172.25.254.101.
Escape character is '^]'.
+OK [XCLIENT] Dovecot ready.
user lee@lee.com
+OK
pass lee
+OK Logged in.
quit
+OK Logging out.
Connection closed by foreign host.

附圖

宣化網(wǎng)站建設(shè)公司創(chuàng)新互聯(lián),宣化網(wǎng)站設(shè)計(jì)制作，有大型網(wǎng)站制作公司豐富經(jīng)驗(yàn)。已為宣化千余家提供企業(yè)網(wǎng)站建設(shè)服務(wù)。企業(yè)網(wǎng)站搭建\外貿(mào)網(wǎng)站制作要多少錢，請(qǐng)找那個(gè)售后服務(wù)好的宣化做網(wǎng)站的公司定做！

postfix+mariadb 空殼郵件 iptables

#################空殼郵件####################
1.先重置空殼端
2.配置
[root@localhost ~]# vim /etc/postfix/main.cf
75 myhostname = nullmail.example.com     ##主機(jī)名
83 mydomain = example.com                ##域名
99 myorigin = westos.com                 ##要與真實(shí)主機(jī)的域名相同
113 inet_interfaces = all
164 mydestination =                      ##空殼實(shí)際不接收郵件，所以不寫
316 relayhost = 172.25.254.101           ##真實(shí)主機(jī)ip
[[root@nullmail ~]# systemctl restart postfix.service
測(cè)試
#空殼端
[root@nullmail ~]# mail root
Subject: qe
qe
qe
.
EOT
[root@nullmail ~]# mailq
Mail queue is empty

#真接收端
[root@westos-mail named]# mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N 1 root                  Thu Jun 1 08:01 22/742   "qe"
& q

######################################
#############iptables#################
######################################
1.準(zhǔn)備工作
查看火墻狀態(tài)，如果是running，將其關(guān)閉
打開iptables

2.iptables
iptables是一個(gè)工作與用戶之間的防火墻應(yīng)用軟件
三表：filter    ##不經(jīng)過內(nèi)核
      mangel
      nat       ##經(jīng)過內(nèi)核
五鏈：INPUT OUTPUT FORWARD PREROUTING POSTROUTING
           -t      ##指出表的名稱
           -n      ##不作解析
           -L      ##列出指定表的策略
           -F      ##刷掉filter表中的所有策略
           -A      ##增加策略
           -s      ##數(shù)據(jù)來源
           -j      ##動(dòng)作
           ACCEPT ##允許
           REJECT ##拒絕
           --dport ##端口
           -D      ##刪除指定策略
           -I      ##插入策略
           -R      ##修改策略
           -P      ##修改默認(rèn)策略
service iptables save     ##保存當(dāng)前策略
[root@localhost ~]# iptables -A INPUT -i lo -j ACCEPT   ##允許lo
[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT ##允許訪問22 端口
[root@localhost ~]# iptables -A INPUT -s 172.25.254.75 -j ACCEPT ##只允許75主機(jī)訪問
[root@localhost ~]# iptables -A INPUT -j REJECT     ##其它全部拒絕
[root@localhost ~]# iptables -nL       ##查看filter表當(dāng)前策略
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     all -- 172.25.254.95        0.0.0.0/0
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# iptables -N redhat      ##增加redhat鏈
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     all -- 172.25.254.95        0.0.0.0/0
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain redhat (0 references)
target     prot opt source               destination
[root@localhost ~]# iptables -E redhat westos    ##將redhat鏈名稱改為westos
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     all -- 172.25.254.95        0.0.0.0/0
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain westos (0 references)
target     prot opt source               destination
[root@localhost ~]# iptables -X westos      ##刪除westos鏈
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     all -- 172.25.254.95        0.0.0.0/0
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# iptables -I INPUT -p tcp --dport 80 -j REJECT   ##插入策略到INPUT中的第一條
iptables -P INPUT DROP    ###修改默認(rèn)策略
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:80 reject-with icmp-port-unreachable
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     all -- 172.25.254.75        0.0.0.0/0
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icm[root@localhost ~]# iptables -R INPUT 1 -p tcp --dport 80 -j ACCEPT    ##修改第一條策略

####提高訪問速度，緩解訪問壓力
[root@localhost ~]# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT      ##建立過的策略再次讀的話直接看這個(gè)
[root@localhost ~]# iptables -A INPUT -i lo -m state --state NEW -j ACCEPT                ##再次讀lo策略時(shí)候直接讀這個(gè)
[root@localhost ~]# iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT    ##再次讀22端口策略時(shí)直接讀這個(gè)，不需要全部讀
[root@localhost ~]# iptables -A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT    ##再次讀80端口策略時(shí)直接讀這個(gè)，不需要全部讀
[root@localhost ~]# iptables -A INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT   ##再次讀443端口策略時(shí)直接讀這個(gè)，不需要全部讀
[root@localhost ~]# iptables -A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT    ##再次讀53端口策略時(shí)直接讀這個(gè)，不需要全部讀
[root@localhost ~]# iptables -A INPUT -j REJECT   ##其它主機(jī)數(shù)據(jù)全部拒絕
[root@localhost ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     all -- 0.0.0.0/0            0.0.0.0/0            state NEW
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:80 state NEW
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:443 state NEW
ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW
REJECT     all -- 0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@localhost ~]# service iptable save   ##保存當(dāng)前策略

##############路由###################
[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to-source 172.25.254.101        ####出路由
[root@localhost ~]# sysctl -a | grep forward
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth2.forwarding = 0
net.ipv4.conf.eth2.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.eth0.forwarding = 0
net.ipv6.conf.eth0.mc_forwarding = 0
net.ipv6.conf.eth2.forwarding = 0
net.ipv6.conf.eth2.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
[root@localhost ~]# vim /etc/sysctl.conf
    5 net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
     net.ipv4.ip_forward = 1
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth2 -j DNAT --to-dest 172.25.0.11   #####進(jìn)路由
[root@localhost ~]# iptables -t nat -nL    ####查看當(dāng)前策略
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all -- 0.0.0.0/0            0.0.0.0/0            to:172.25.0.11

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all -- 0.0.0.0/0            0.0.0.0/0            to:172.25.254.101

測(cè)試

[root@localhost ~]# ping 172.25.0.11
PING 172.25.0.11 (172.25.0.11) 56(84) bytes of data.
64 bytes from 172.25.0.11: icmp_seq=1 ttl=64 time=0.527 ms
64 bytes from 172.25.0.11: icmp_seq=2 ttl=64 time=0.384 ms
64 bytes from 172.25.0.11: icmp_seq=3 ttl=64 time=0.448 ms

當(dāng)前文章：postfix+mariadb 空殼郵件iptables
當(dāng)前地址：http://jinyejixie.com/article0/iepcio.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供網(wǎng)站維護(hù)、域名注冊(cè)、品牌網(wǎng)站設(shè)計(jì)、云服務(wù)器、面包屑導(dǎo)航、虛擬主機(jī)

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請(qǐng)盡快告知，我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng)，如需處理請(qǐng)聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時(shí)需注明來源：創(chuàng)新互聯(lián)

猜你還喜歡下面的內(nèi)容

成人午夜视频全免费观看高清-秋霞福利视频一区二区三区-国产精品久久久久电影小说-亚洲不卡区三一区三区一区

postfix+mariadb 空殼郵件iptables