2024.06.12.보안 day47

메일서버  mail server

- postfix메일

- sendmail메일

 

korea10.com 추가 

MX mail 추가 

 

메일송신   SMTP  (메일서버와 메일 서버간의 통신) 
메일수신  POP3,IMAP (서버와 클라이언트 수신)

 

[ 메일관련 프로그램 ]
- MTA(Mail Transfer Agent)
전자 메일을 다른데로 전송하는 서버 프로그램

- MUA(mail User Agent)
전자메일을 사용자에게 할당하는 클라이언트 프로그램

- MDA(Mail Delivery Agent)
MTA가 수신한 메세지를 시간에 맞게 사용자 우편한테 쓰기위한 프로그램 

- MRA(mail Reterieval Agent)
리모트 서버에 있는 우편함으로 부터 사용자의 MUA로 메일을 가져오는 프로그램

 

---

[ 리눅스 메일 서버 ]
기본 메일서버 : POSTFIX (다른 메일서버 사용시 삭제)

 

10.10.10.10) 

yum install mailx
mail root@localhost           : 여기사 작성한거 
ll /var/spool/mail/
cat /var/spool/mail/root    : 여기에 보임              /   메일 저장함: /var/spool/mail/계정명

 yum install dovecot
   71  service dovecot restart
   72  systemctl enable dovecot
   73  service postfix restart
   74  netstat -lntup |grep dove
   75  netstat -lntup |grep post    : postfix는 post아니고 master라고 검색해야됨
   76  netstat -lntup |grep master
   77  firewall-cmd --permanent --add-port 110/tcp
   78  firewall-cmd --permanent --add-port 25/tcp

 

vi /etc/dovecot/conf.d/10-auth.conf  (암호화 설정 비활성)

10 #disable_plaintext_auth = yes
11 disable_plaintext_auth = no

 

 vi /etc/dovecot/conf.d/10-ssl.conf

 8 #ssl = required
 9 ssl = no

 

 

vi /etc/dovecot/conf.d/10-mail.conf

     24 #   mail_location = maildir:~/Maildir
     25 #   mail_location = mbox:~/mail:INBOX=/var/mail/%u
     26    mail_location = mbox:~/mail:INBOX=/var/mail/%u
     27 #   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n

 

[root@localhost ~]# nslookup   ( 메일서버 만들었는지 확인)
> set type=MX
> sevas10.com
Server:         192.168.10.10
Address:        192.168.10.10#53
sevas10.com     mail exchanger = 10 mail.sevas10.cohttp://m.sevas10.com.
> korea10.com
Server:         192.168.10.10
Address:        192.168.10.10#53
korea10.com     mail exchanger = 10 mail.korea10.cohttp://m.korea10.com.

 

 vi /etc/postfix/main.cf

      4 smtpd_client_restrictions = check_client_access hash:/etc/postfix/access        access list주기 위해 필요

     76 #myhostname = virtual.domain.tld
     77 myhostname = mail.sevas10.com                메일서버 호스트등록

     84 #mydomain = domain.tld
     85 mydomain = sevas10.com                      메일서버 도메인
    101 #myorigin = $mydomain
    102 myorigin = $mydomain                      송신자 메일주소

    119 #inet_interfaces = localhost
    120 inet_interfaces = all                                서비스할 인터페이스

    168 mydestination = $myhostname, localhost.$mydomain, localhost, sevas10.com

                                                                                                                               수신 받을 도메인
    268 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
    269 mynetworks = 0.0.0.0/0                  신뢰 할수 있는 네트워크 주소

  301 #relay_domains = $mydestination
    302 relay_domains = $mydestination          신뢰 할수 있는 도메인 주소

   432 #mail_spool_directory = /var/spool/mail
    433 mail_spool_directory = /var/spool/mail              메일함 저장 위치

 

 

 vi /etc/postfix/transport

sevas10.com     local:

 

 

 

 postmap /etc/postfix/transport  (적용)

 

REALY는 도메인 정보 /disconnect/ reject가능 

ok는 안됨

 

 

 

vi /etc/postfix/access

10.10.10.254    RELAY
20.20.20.20     RELAY
20.20.20.254    RELAY

 

postmap /etc/postfix/access      (적용)

 

service postfix restart

systemctl enable postfix

 netstat -lntup |grep master

적용 전 결과

⬇⬇⬇⬇⬇⬇⬇⬇⬇⬇

0.0.0.0 으로 바껴야 성공

ㄴ 이렇게 되면 성공

 

 

 

 

---

20.20.20.20) 

 

dnf install dovecot

dnf install sendmail*

 

위랑똑같이 

  133  vi /etc/dovecot/conf.d/10-auth.conf
  134  vi /etc/dovecot/conf.d/10-ssl.conf
  136  vi /etc/dovecot/conf.d/10-mail.conf
  137  service dovecot restart
  138  systemctl enable dovecot
  139  systemctl disable firewalld
  140  service firewalld stop

  142  firewall-cmd --permanent --add-port 25/tcp

 

 

[ vi /etc/mail/sendmail.mc ]

- smtp프로토콜 인증내용
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl (원본)
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl (원본)
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl (수정)
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl (수정)


mail 호스트설정
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl (원본)
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl (수정)

도메인등록
166  dnl MASQUERADE_AS(`mydomain.com')dnl (원본)
MASQUERADE_AS(`korea10.com')dnl (수정)

도메인 연결
171  dnl FEATURE(masquerade_envelope)dnl (원본)
FEATURE(masquerade_envelope)dnl (수정)

 

Cw : 도메인설정
Fw : 지정도메인 경로설정
Dj  : 강제도메인 매칭 /안줘도됨

 

 

vi /etc/mail/sendmail.cf

90  Cwkorea10.com
92 Fw/etc/mail/local-host-names

 

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
  155  vi /etc/mail/local-host-names

mail.korea10.com

  156  vi sevas.sh

#! /bin/bash
S=service
case $1 in

start)
echo " 메일 서버 start"
$S sendmail start
$S saslauthd start
$S dovecot start
;;

stop)
echo " 메일 서버 stop"
$S sendmail stop
$S saslauthd stop
$S dovecot stop
;;

restart)
sh $0 stop
sleep 5
sh $0 start
;;

*)
echo "start/stop/restart"
exit 0
esac

  157  chmod 755 sevas.sh
  159  ./sevas.sh start
  160  mail
  162  netstat -lntup |grep send
  163  netstat -lntup |grep dove

---