Mail server installation and configuration

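Before setting up a mail server, first understand that there are three roles involved in delivering and using mail.

Three protocols are used in the course of mail delivery.

Mail is sent mainly via SMTP. To curb anonymous mail, mail servers nowadays only allow hosts within their own domain to send mail through SMTP. POP and IMAP authenticate with a username and password, so they carry no such restriction, but take care: a sniffed password can lead to the host being compromised. In addition, a mail client can be configured with only one SMTP host for sending at a time, while several POP or IMAP servers can be configured for retrieving mail.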

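Figure 25-14. Simplified diagram of mail delivery

Figure 25-15. MDA diagram

Installing and configuring the Exim mail server (SMTP)

Exim is the mail server installed by default on Debian GNU/Linux; you most likely configured exim when you installed Debian. However you configured it then, you can change exim's settings at any time with eximconfig.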

==========================
# Run eximconfig to configure exim
==========================
debian:~# eximconfig 
I can do some automatic configuration of your mail system, by asking
you a number of questions.  Later you may have to confirm and/or correct
your answers. In any case, comprehensive information on configuring exim is
in the eximdoc package and in /usr/share/doc/exim/spec.txt
[---Press return---]
 (1) Internet site; mail is sent and received directly using SMTP. If your
     needs don't fit neatly into any category, you probably want to start
     with this one and then edit the config file by hand.

 (2) Internet site using smarthost: You receive Internet mail on this 
     machine, either directly by SMTP or by running a utility such as 
     fetchmail. Outgoing mail is sent using a smarthost. optionally with
     addresses rewritten. This is probably what you want for a dialup
     system.

 (3) Satellite system: All mail is sent to another machine, called a "smart 
     host" for delivery. root and postmaster mail is delivered according 
     to /etc/aliases. No mail is received locally.

 (4) Local delivery only: You are not on a network.  Mail for local users 
     is delivered.

 (5) No configuration: No configuration will be done now; your mail system 
     will be broken and should not be used. You must then do the 
     configuration yourself later or run this script, /usr/sbin/eximconfig, 
     as root. Look in /usr/share/doc/exim/example.conf.gz

Select a number from 1 to 5, from the list above.
=============================================
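# Choose 1 to set up an Internet mail server
# Choose 2 to use smarthost mode
# Choose 3 to set up a satellite mail server
# Choose 4 to configure local mail delivery only
# Choose 5 for no configuration
# Here we choose 1 to become an Internet mail server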
=============================================
Enter value (default=`1', `x' to restart): 1
 
What is the `visible' mail name of your system? This will appear on 
From: lines of outgoing messages.
Enter value (default=`debian.coventive.com', `x' to restart): # just press Enter

==============================================================================
Does this system have any other names which may appear on incoming
mail messages, apart from the visible name above (debian.coventive.com) and
localhost?

By default all domains will be treated the same; if you want different 
domain names to be treated differently, you will need to edit the config 
file afterwards: see the documentation for the "domains" director 
option.

If there are any more, enter them here, separated with spaces or commas.  
If there are none, say `none'.
Enter value (default=`none', `x' to restart): # just press Enter

==============================================================================
All mail from here or specified other local machines to anywhere on
the internet will be accepted, as will mail from anywhere on the 
internet to here. 

Are there any domains you want to relay mail for---that is, you are 
prepared to accept mail for them from anywhere on the internet, but
they are not local domains.

If there are any, enter them here, separated with spaces or commas. You
can use wildcards. If there are none, say `none'. If you want to relay 
mail for all domains that specify you as an MX, then say `mx'
Enter value (default=`none', `x' to restart): # just press Enter

==============================================================================
Obviously, any machines that use us as a smarthost have to be excluded
from the relaying controls, as using us to relay mail for them is the
whole point.

Are there any networks of local machines you want to relay mail for?

If there are any, enter them here, separated with spaces or commas. You
should use the standard address/length format (e.g. 194.222.242.0/24)
If there are none, say `none'.

You need to double the colons in IPv6 addreses (e.g. 5f03::1200::836f::::/48)
Enter value (default=`none', `x' to restart): # just press Enter
Names are localhost:debian.coventive.com!

==============================================================================
Mail for the `postmaster' and `root' accounts is usually redirected
to one or more user accounts, of the actual system administrators.
By default, I'll set things up so that mail for `postmaster' and for
various system accounts is redirected to `root', and mail for `root'
is redirected to a real user.  This can be changed by editing /etc/aliases.

Note that postmaster-mail should usually be read on the system it is
directed to, rather than being forwarded elsewhere, so (at least one of)
the users you choose should not redirect their mail off this machine.

Which user account(s) should system administrator mail go to ?
Enter one or more usernames separated by spaces or commas .  Enter
`none' if you want to leave this mail in `root's mailbox - NB this
is strongly discouraged.  Also, note that usernames should be lowercase!
====================================================
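# Which user on this system should mail for root be forwarded to?
#
# Do not use root casually; using the root account for day-to-day work
# is not recommended either. This is a universally accepted rule: anyone
# human will make mistakes, and on a UNIX system root has the standing
# of a god, so a mistake is often an irrecoverable tragedy. To keep the
# god from erring, ask the god not to appear too often. :-)
# Here we forward mail addressed to the god to the god's deputy, that
# is, the account you normally use, so that the deputy learns right away
# when the machine raises a warning or a user complains.
# OK, now fill in your account!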
====================================================
Enter value (`x' to restart): lloyd 

The following configuration has been entered:

==============================================================================
mail generated on this system will have `debian.coventive.com' used
as the domain part (after the @) in the From: field and similar places.

The following domain(s) will be recognised as referring to this system:
 localhost, debian.coventive.com

Mail for postmaster, root, etc. will be sent to lloyd.

Local mail is delivered.

Outbound remote mail is looked up in the Internet DNS, and delivered
using that data if any is found; otherwise such messages are bounced.


Note that you can set email addresses used for outgoing mail by editing
/etc/email-addresses.

Is this OK ?  Hit Return or type `y' to confirm it and install,
or `n' to make changes (in which case we'll go round again, giving you
your previous answers as defaults.     (Y/n)  # Configuration finished? Just press Enter to answer Yes

Configuration installed.

debian:~# 

After installing and configuring exim, we use telnet for a quick test of whether Exim is running properly:

debian:~# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 debian.coventive.com ESMTP Exim 3.35 #1 Tue, 29 Oct 2002 00:19:41 +0800
================================================
# If you see a message like this, congratulations: your mail server
# is now waiting on port 25 for mail delivery
#
# Type quit to leave
================================================
quit              
221 debian.coventive.com closing connection
Connection closed by foreign host.
debian:~# 


Note: exim mail relay

When configured with eximconfig, exim by default relays mail only for localhost. If other machines (Win98 clients, for example) need to use your mail server, you must set up mail relay for them by editing /etc/exim/exim.conf.
Find the following line and add the network range you want to relay for:
host_accept_relay = 127.0.0.1 : 192.168.23.0/24 : ::::1

P.S. In 192.168.23.0/24, 192.168.23.0 is the network and 24 stands for the netmask 255.255.255.0; you can also try
    the notation 192.168.23.0/255.255.255.0.
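
An added example, not part of the original page or of Exim itself: a small check that parses a host_accept_relay line (colon-separated, with doubled colons standing for literal colons in IPv6 items), reports whether a given client address may relay, and flags entries that reach beyond internal ranges. The function names and the INTERNAL list are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the relay line from this page's exim.conf example,
# with " : " between every item as Exim's list syntax requires.
SAMPLE_CONF = "host_accept_relay = 127.0.0.1 : 192.168.23.0/24 : ::::1\n"
# Ranges treated as internal here (an assumption: loopback plus RFC 1918).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def split_exim_list(value):
    """Split an Exim colon-separated list; a doubled colon is a literal ':'."""
    items, cur, i = [], "", 0
    while i < len(value):
        if value[i:i + 2] == "::":      # '::' -> one literal colon
            cur += ":"
            i += 2
        elif value[i] == ":":           # single ':' ends the item
            items.append(cur.strip())
            cur = ""
            i += 1
        else:
            cur += value[i]
            i += 1
    items.append(cur.strip())
    return [x for x in items if x]

def relay_networks(conf_text):
    """Return the networks named on the host_accept_relay line."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "host_accept_relay":
            return [ipaddress.ip_network(x, strict=False)
                    for x in split_exim_list(value)]
    return []

def may_relay(client_ip, networks):
    """True if client_ip falls inside one of the relay networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in networks)

def too_broad(networks):
    """Relay entries that are not contained in any INTERNAL range."""
    return [n for n in networks if not any(
        n.version == i.version and n.subnet_of(i) for i in INTERNAL)]

if __name__ == "__main__":
    nets = relay_networks(SAMPLE_CONF)
    print(nets, may_relay("192.168.23.40", nets), may_relay("203.0.113.9", nets))
    print(too_broad(relay_networks("host_accept_relay = 127.0.0.1 : 0.0.0.0/0")))
```

The netmask form mentioned in the P.S. parses to the same network as the /24 form, so both spellings give the same relay decision.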

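Note: POP, IMAP and system security

Encrypted transport is not yet widely supported for POP and IMAP. With POP and IMAP traffic unencrypted, passwords are easily sniffed, which can lead to the host being compromised. The author sincerely recommends that you separate mail accounts from real user accounts: a mail account has no login rights on the host (its shell is false), and only real user accounts have actual login rights (shell is not false). If this host is mainly a mail host, the author really does recommend keeping only one or two users who can actually log in, with every other mail account unable to log in to the host. That way, even if a password is sniffed, the security of the host is not endangered. I believe encrypted POP and IMAP will be widely supported in the near future.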
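
An added example, not part of the original page: an audit of passwd-format data that lists which ordinary accounts can still log in and which of those are not on the short list of real users. The sample entries, the function names, the uid threshold of 1000 and the set of no-login shells are assumptions made for this illustration.

```python
# Constructed sample in /etc/passwd format (not taken from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
mail:x:8:8:mail:/var/mail:/bin/sh
lloyd:x:1000:1000:Lloyd,,,:/home/lloyd:/bin/bash
alice:x:1001:1001:mail only:/home/alice:/bin/false
bob:x:1002:1002:mail only:/home/bob:/bin/bash
"""

# Shells that refuse interactive login (assumed set; adjust for the host).
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

def login_capable(passwd_text, min_uid=1000):
    """Names of ordinary accounts (uid >= min_uid) whose shell permits login."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue                      # skip comments and malformed lines
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        # An empty shell field means the default shell, so it counts as login.
        if uid >= min_uid and shell not in NOLOGIN_SHELLS:
            names.append(name)
    return names

def unexpected_logins(passwd_text, allowed):
    """Accounts that can log in but are not on the list of real users."""
    return [n for n in login_capable(passwd_text) if n not in allowed]

if __name__ == "__main__":
    # lloyd is the one real user; bob is a mail account left with a shell.
    print(unexpected_logins(SAMPLE_PASSWD, {"lloyd"}))
```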

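Note: mail server and DNS

Mail servers and DNS are closely intertwined. In many cases when a mail server misbehaves, the problem is not in the mail server's configuration; usually DNS is at fault. Our mail addresses are normally of the form lloyd@hostname.domain rather than lloyd@192.168.23.26, and both hostname and domain rely on DNS for name resolution. DNS is not necessarily under your control, so if DNS is misconfigured, or you gave the DNS administrator wrong information, your mail server will fail in baffling ways. Be careful. When this happens, send mail using the IP address to confirm that your mail server is configured correctly, then trace through the DNS settings to check whether they match your mail server.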

Installing and configuring Popa3d (POP3)

Install it as follows:
debian:~# apt-get install popa3d

After installation, use telnet to test whether popa3d is running properly:
debian:~# telnet 127.0.0.1 pop3
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
+OK
=======================================
# If you see this, congratulations: the installation succeeded
# Type quit to leave
=======================================
quit
+OK
Connection closed by foreign host.
debian:~#

Installing and configuring uw-imap (IMAP)

Install it as follows:
debian:~# apt-get install uw-imapd

After installation, use telnet to test whether uw-imap is running properly:
debian:~# telnet 127.0.0.1 imap
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4REV1 X-NETSCAPE LOGIN-REFERRALS AUTH=LOGIN] [127.0.0.1] IMAP4rev1 2001.315 at Tue, 29 Oct 2002 00:49:19 +0800 (CST)
=======================================
# If you see this, congratulations: the installation succeeded
# Press Ctrl+] and type quit to leave
=======================================
^]
telnet> quit
Connection closed.
debian:~#

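Installing mailx and testing the mail server

Finally, we install mailx, a very simple and plain MUA (Mail User Agent), and use it to send and receive e-mail and test how the mail server actually behaves. The test method and steps are as follows:

Install it as follows: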
debian:~# apt-get install mailx

=============================
Test Item 1: local testing
Replace lloyd with your own account
=============================
debian:/# mailx -v lloyd < /etc/resolv.conf 
LOG: 0 MAIN
  <= root@debian.coventive.com U=root P=local S=396
debian:/# Exim version 3.35 debug level 1 uid=8 gid=8
Berkeley DB: Sleepycat Software: Berkeley DB 2.7.7: (08/20/99)
delivering message 186DbX-0000XZ-00
LOG: 0 MAIN
  => lloyd <lloyd@debian.coventive.com> D=localuser T=local_delivery
LOG: 0 MAIN
  Completed

debian:/#

=====================================
Log in with your own account to see whether the mail arrived
Follow the steps below
=====================================

debian:/# login
debian login: lloyd
Password: 
Last login: Tue Oct 29 01:22:56 2002 on pts/0
Linux debian 2.4.19-gentoo-r9 #1 週二 10月 1 11:17:17 CST 2002 i686 unknown

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/share/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.   # new mail has arrived
lloyd@debian:~$ mail # run mail to read it
Mail version 8.1.2 01/15/2001.  Type ? for help.
"/var/mail/lloyd": 1 message 1 new
>N  1 root@debian.coven  Tue Oct 29 01:23   15/534   
& 1                  # type 1 to read the first message
Message 1:
From root@debian.coventive.com Tue Oct 29 01:23:07 2002
Envelope-to: lloyd@debian.coventive.com
To: lloyd@debian.coventive.com
From: root <root@debian.coventive.com>
Date: Tue, 29 Oct 2002 01:23:07 +0800

search coventive.com
nameserver 168.95.1.1
nameserver 168.95.192.1

& q                  # good, the content matches; type q to leave mail
Saved 1 message in //mbox
lloyd@debian:~$ exit # type exit to log out
logout
debian:/# 


=======================================================
Test Item 2: user@IP testing
Replace lloyd@\[192.168.23.34\] with your own account on another mail host
=======================================================

debian:~# mail -v lloyd@\[192.168.23.34\] < /etc/resolv.conf
LOG: 0 MAIN
  <= root@debian.coventive.com U=root P=local S=386
Exim version 3.35 debug level 1 uid=8 gid=8
Berkeley DB: Sleepycat Software: Berkeley DB 2.7.7: (08/20/99)
debian:~# delivering message 186Dow-0000Yv-00
Connecting to [192.168.23.34] [192.168.23.34.25] ... connected
  SMTP<< 220 debian.coventive.com ESMTP Exim 3.35 #1 Tue, 29 Oct 2002 01:41:36 +0800
  SMTP>> EHLO debian.coventive.com
  SMTP<< 250-debian.coventive.com Hello debian.coventive.com [192.168.23.33]
         250-SIZE
         250-PIPELINING
         250 HELP
  SMTP>> MAIL FROM:<root@debian.coventive.com> SIZE=1420
  SMTP>> RCPT TO:<lloyd@[192.168.23.34]>
  SMTP>> DATA
  SMTP<< 250 <root@debian.coventive.com> is syntactically correct
  SMTP<< 250 <lloyd@[192.168.23.34]> verified
  SMTP<< 354 Enter message, ending with "." on a line by itself
  SMTP>> writing message and terminating "."
  SMTP<< 250 OK id=186DtQ-00007b-00
  SMTP>> QUIT
LOG: 0 MAIN
  => lloyd@[192.168.23.34] R=literal T=remote_smtp H=[192.168.23.34] [192.168.23.34]
LOG: 0 MAIN
  Completed

debian:~# ssh -l lloyd 192.168.23.34
Password: 
Last login: Tue Oct 29 01:41:10 2002 from 192.168.23.33 on pts/3
Linux debian 2.2.20-idepci #1 Sat Apr 20 12:45:19 EST 2002 i686 unknown

Most of the programs included with the Debian GNU/Linux system are
freely redistributable; the exact distribution terms for each program
are described in the individual files in /usr/share/doc/*/copyright

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
You have new mail.
Last login: Tue Oct 29 01:41:45 2002 from 192.168.23.33
lloyd@endell:~$ exit
logout
Connection to 192.168.23.34 closed.
debian:~# 


=======================================================
Test Item 3: user@hostname.domain testing
Replace lloyd@mail.domain with your own account on another mail host
=======================================================
debian:~# mail -v lloyd@mail.domain < /etc/resolv.conf
debian:~# ssh -l lloyd mail.domain
you have new mail
mail:~# exit
debian:~#

=======================================================
Test Item 4: mail from other mail server testing
Replace lloyd@mail.domain with your own account on another mail host
=======================================================
debian:~# ssh -l lloyd mail.domain
mail:~# mail -v lloyd@debian.domain < /etc/resolv.conf
mail:~# exit
debian:~# mail   # check whether new mail from mail.domain has arrived

=======================================================
Test Item 5: test on your own
=======================================================