# Setting up a mail server on CentOS (postfix + dovecot)

Published 2018-12-30 | Category: Daily notes

Successfully set up on Linode and Alibaba Cloud hosts running CentOS 6.8 x86_64 and CentOS 7.6 x86_64.

# Overview

Software used:

1. cyrus-sasl
   Simple Authentication and Security Layer, used here mainly for SMTP authentication. Its daemon on the OS is saslauthd.
2. postfix **as the sending server**
   postfix is a mail server created as an improved replacement for sendmail; its configuration is simple and convenient.
3. dovecot **as the receiving server**
   dovecot is an open-source IMAP and POP3 mail server.

   ```
   POP/IMAP are the protocols an MUA uses to read mail from the mail server.
   POP3 downloads messages from the mail server and stores them locally.
   IMAP leaves messages on the server and manages and operates on them there directly.
   ```
4. postfixadmin
   postfixadmin is a web-based management tool for postfix that can directly manage a postfix whose data is stored in a MySQL or PostgreSQL database. Both the mail users and the virtual domains of postfix are managed through postfixadmin.

**Note! Throughout this article, domain.com stands for your domain name and example@domain.com for a mail address!**

# Environment setup

### DNS records

**Hosts without IPv6 support can ignore the AAAA records, but if IPv6 is supported you must add them, otherwise Gmail will reject your mail.**

| Host record | Record type | Record value |
| ------------ | ------------ | ------------ |
| mail | A | host IPv4 address |
| mail | AAAA | host IPv6 address |
| @ | MX | mail.domain.com |
| @ | TXT | v=spf1 a -all |
| imap | CNAME | mail.domain.com |
| smtp | CNAME | mail.domain.com |
| mailadmin | A | host IPv4 address |
| mailadmin | AAAA | host IPv6 address |
| _dmarc | TXT | v=DMARC1; p=none |

**This is not the final configuration; once DKIM is generated later, one more TXT record still has to be added.**

### Reverse DNS

Put simply, reverse DNS lets an IP address be looked up back to a domain name.
The exact steps differ from provider to provider; taking Linode as an example:

1. On the server page, click "Remote Access" at the top.
2. Under Public IPs you will see "Reverse DNS"; click it.
3. Enter "mail.domain.com" as the domain and click the confirm button next to it.
4. Linode automatically looks up the matching DNS record for that name and asks whether the IP should be reverse-resolved to that domain; choose "YES".

**Note: if the machine has an IPv6 address and the AAAA record for mail.domain.com points to that address, this step will also ask whether to set reverse DNS for the IPv6 address. Be sure to choose YES, otherwise Gmail will reject your mail.**

### Web environment setup

The LNMP one-click installer is used here: [LNMP 1.5 stable release](https://www.lnmp.org/notice/lnmp-v-15.html "LNMP 1.5 stable release")

After installation, the PHP imap extension still has to be compiled and added by hand (if you installed PHP with yum, you can simply run yum -y install php-imap instead).

Change into the directory where lnmp1.5 was downloaded:

```bash
# install the build dependency
yum -y install libc-client-devel
# enter src and unpack the PHP source
cd src
tar -jxvf php-5.6.36.tar.bz2
cd php-5.6.36/ext/imap
/usr/local/php/bin/phpize
# configure
./configure --with-php-config=/usr/local/php/bin/php-config --with-kerberos --with-imap-ssl --with-libdir=lib64
# make and make install
make && make install
# edit php.ini
vi /usr/local/php/etc/php.ini
# add the following line to it
extension = "imap.so"
# restart php-fpm
lnmp php-fpm restart
```

### MySQL setup

```bash
yum -y install mysql-devel
```
After installation, make sure the settings are correct; if in doubt, run:

```bash
mysql_secure_installation
```

Then log in to MySQL:

```bash
mysql -uroot -p'password'
```

and create the database and user:

```sql
-- create the postfix database
CREATE DATABASE postfix DEFAULT CHARACTER SET utf8 COLLATE utf8_bin;
-- create the postfix user, set its password and grant it privileges on the postfix database
GRANT ALL ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY 'set-the-password-here';
-- reload the privilege tables
FLUSH PRIVILEGES;
```

### Changing the hostname

```bash
vi /etc/sysconfig/network
# set HOSTNAME=mail.domain.com
# then reboot the machine
reboot
```

### Creating the mail user

We need a user that cannot log in to the system to own and manage the mail:

```bash
groupadd -g 5000 vmail
useradd -g vmail -u 5000 -s /sbin/nologin vmail
```

### Issuing SSL certificates and configuring postfixadmin / mail.domain.com

Use the Let's Encrypt support bundled with lnmp to issue the certificates. (Without lnmp, you can issue them yourself with acme.sh in standalone mode.)

```bash
# configure mail.domain.com
# add a virtual host
lnmp vhost add
# primary domain: mail.domain.com
# additional domains: imap.domain.com smtp.domain.com
# no rewrite rules or pathinfo needed
# choose to enable SSL
# use the bundled Let's Encrypt to create the SSL certificate
# configure postfixadmin the same way, except that it needs no additional domains,
# and postfixadmin does not need its own database.
```

# Software installation and configuration

### cyrus-sasl

```bash
yum -y install cyrus-sasl
# check the version
saslauthd -v
```

This article configures version 2.1.23.

```bash
vi /etc/sysconfig/saslauthd
# change to:
MECH=shadow

vi /etc/sasl2/smtpd.conf
# on CentOS 7:
vim /usr/lib64/sasl2/smtpd.conf   # 64-bit systems
vim /usr/lib/sasl2/smtpd.conf     # 32-bit systems
# set the contents to:
pwcheck_method: saslauthd
mech_list: plain login
log_level: 3
saslauthd_path: /var/run/saslauthd/mux

# restart sasl
service saslauthd restart
# test sasl
testsaslauthd -u root -p 'password'
# output of "0: OK Success." means it is configured correctly
```

### postfix

```bash
yum -y install postfix
# check the version
postconf -d | grep mail_version
# mail_version = 2.6.6
# this article configures version 2.6.6
vi /etc/postfix/main.cf
```

Change:

```
myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
local_recipient_maps =
```

Then add the following. **Remember to replace the certificate paths.**

```
# authentication settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_application_name = smtpd
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_unknown_sender_domain
smtpd_sasl_security_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_client_restrictions = permit_sasl_authenticated
smtpd_sasl_security_options = noanonymous
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

# virtual mailbox settings
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# SSL (replace the certificate paths!)
smtpd_use_tls = yes
smtpd_tls_cert_file = fullchain.cer
smtpd_tls_key_file = xxxx.key
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel = 0
smtpd_tls_auth_only = yes
```

Now edit master.cf:

```bash
vi /etc/postfix/master.cf
```

Change the smtps entry to (note: the two leading spaces on the second line are required):

```
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
```

Add (again, the two leading spaces on the second line are required):

```
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
```

Database connection. In this example the database user is postfix, the password is postfix, the host is localhost and the database is postfix. **Replace these with your own values!**

```bash
mkdir /etc/postfix/sql/
```

/etc/postfix/sql/mysql_virtual_alias_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
```

/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
```

/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
```

/etc/postfix/sql/mysql_virtual_domains_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
```

/etc/postfix/sql/mysql_virtual_mailbox_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
```

/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u','@',alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
```

/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf:

```
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
```

### dovecot

Install:

```bash
yum -y install dovecot dovecot-devel dovecot-mysql pam-devel
```

Configure:

```bash
vi /etc/dovecot/dovecot.conf
# change or add:
protocols = imap
listen = *
!include conf.d/*.conf
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=5000 gid=5000 home=/home/vmail/%d/%n
}

vi /etc/dovecot/conf.d/10-auth.conf
# change:
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
!include auth-system.conf.ext

vi /etc/dovecot/conf.d/10-ssl.conf
# change:
ssl = yes
# SSL certificate (remember to keep the leading <)
ssl_cert =
```
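The `smtpd_recipient_restrictions` list in main.cf above is walked in order, and that order decides whether the server will relay mail for strangers. The following is an added example, not code from the article or from Postfix: it models the four restrictions used here, with the mynetworks, mydestination, virtual-domain and DNS lookups replaced by constructed stand-in sets, so you can see which entry decides each session.

```python
"""Walk the smtpd_recipient_restrictions list from main.cf above the way Postfix does.

Added example, not the article's or Postfix's code. Each restriction answers PERMIT or
REJECT (evaluation stops) or DUNNO (continue); falling off the end of the list permits
the recipient. The network, domain and DNS sets below are constructed stand-ins."""
import ipaddress
from collections import namedtuple

MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"mail.domain.com", "localhost.domain.com", "localhost",  # mydestination
                 "domain.com"}          # what mysql_virtual_domains_maps.cf would return
RESOLVABLE_DOMAINS = {"domain.com", "gmail.com", "example.org"}  # stand-in for DNS
Session = namedtuple("Session", "client_ip sasl_authenticated sender recipient")

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def permit_mynetworks(s):
    ip = ipaddress.ip_address(s.client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else "DUNNO"

def permit_sasl_authenticated(s):
    return "PERMIT" if s.sasl_authenticated else "DUNNO"

def reject_unauth_destination(s):
    # relay_domains is ignored in this model; only local and virtual domains are accepted
    return "DUNNO" if _domain(s.recipient) in LOCAL_DOMAINS else "REJECT"

def reject_unknown_sender_domain(s):
    return "DUNNO" if _domain(s.sender) in RESOLVABLE_DOMAINS else "REJECT"

CONFIGURED = [permit_mynetworks, permit_sasl_authenticated,
              reject_unauth_destination, reject_unknown_sender_domain]

def evaluate(restrictions, session):
    """Apply the restrictions in order; return (verdict, name of the deciding entry)."""
    for check in restrictions:
        verdict = check(session)
        if verdict != "DUNNO":
            return verdict, check.__name__
    return "PERMIT", "end-of-list"

if __name__ == "__main__":
    relay = Session("203.0.113.5", False, "someone@example.org", "victim@gmail.com")
    print("as configured:", evaluate(CONFIGURED, relay))
    # dropping reject_unauth_destination would turn the server into an open relay
    weakened = [r for r in CONFIGURED if r is not reject_unauth_destination]
    print("without reject_unauth_destination:", evaluate(weakened, relay))
```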
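The %s, %u and %d placeholders in the mysql .cf files above are expanded by Postfix before each query runs. As an added example (not code from the article or from Postfix), the script below applies the substitution rules from mysql_table(5) to the alias-domain query, including the quoting that keeps a recipient address such as o'brien@domain.com from breaking out of the SQL literal; the quoting here is a simplified version of what the MySQL client library does.

```python
"""Expand %s / %u / %d in a Postfix mysql table query (see mysql_table(5)).

Added example, not Postfix's own code. Rules modelled: %s is the whole lookup key,
%u the local part and %d the domain part of a user@domain key, and a query that
uses %d is skipped (no result) when the key has no domain part. Every substituted
value is quoted so it cannot break out of its single-quoted SQL literal.
"""
import re


def sql_quote(value):
    """Simplified MySQL string escaping: backslash and single quote only."""
    return value.replace("\\", "\\\\").replace("'", "\\'")


def expand_query(template, key):
    """Return the SQL Postfix would run for `key`, or None if the lookup is suppressed."""
    local, at, domain = key.rpartition("@")   # split at the last '@'
    if "%d" in template and not at:
        return None                            # %d needed but no domain part -> no query
    subs = {"s": key, "u": local if at else key, "d": domain if at else ""}
    return re.sub(r"%([sud])", lambda m: sql_quote(subs[m.group(1)]), template)


# Queries copied from the .cf files above.
ALIAS_MAPS = "SELECT goto FROM alias WHERE address='%s' AND active = '1'"
ALIAS_DOMAIN_MAPS = (
    "SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' "
    "and alias.address = CONCAT('%u', '@', alias_domain.target_domain) "
    "AND alias.active = 1 AND alias_domain.active='1'"
)

if __name__ == "__main__":
    # constructed lookup keys: an alias-domain address, a bare domain, an address with a quote
    for key in ("bob@alias.example", "alias.example", "o'brien@domain.com"):
        print(key, "->", expand_query(ALIAS_DOMAIN_MAPS, key))
    print(expand_query(ALIAS_MAPS, "o'brien@domain.com"))
```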