ubuntu22lts或debian下安装邮件服务器postfix+dovecot+mysql
本次测试可用于本地或互联网做自建邮件服务器
IP地址:192.168.0.210
系统:ubuntu22.04.3 LTS、debian11,12
数据库:mariadb,root密码设置为123258
邮件用户和数据库:mail
mail用户密码:123258
本地测试域名:loshub.com
组件:mariadb、postfix、dovecot、spf、opendkim
目的:无限域名、无限用户、无限别名、较安全的电子邮件系统。
升级一下系统
# Refresh the package index and apply pending updates before installing anything.
apt-get update -y
apt-get upgrade -y
# net-tools supplies the netstat used at the end of this guide; make/curl/wget/bzip2
# are only needed if the Perl modules in the SPF section are built from source.
apt-get install net-tools make curl wget bzip2 -y
一,数据库
1,安装数据库mariadb并加入系统启动和设置root密码
# Install MariaDB and make sure it starts at boot.
apt-get install mariadb-server -y
systemctl daemon-reload
systemctl enable mysql
systemctl start mysql
# Sets the database root password used throughout this guide.  Passed on the
# command line, the value ends up in the shell history and is visible in the
# process list while the command runs; "mysqladmin -u root password" with no
# value prompts for it instead.
mysqladmin -u root password 123258
2,创建邮件数据表及录入数据
进入数据库命令
创建用户和数据库
进入mysql
# Interactive client session as root.  "-p<value>" is visible to other local
# users in the process list; "mysql -uroot -p" (password prompted) avoids that.
mysql -uroot -p123258
-- Database that holds the domain / mailbox / alias tables.
CREATE DATABASE mail;

-- Read-only account shared by Postfix and Dovecot.  Both daemons only look
-- rows up, so SELECT is the only privilege it gets, and binding it to
-- 127.0.0.1 means the password is useless from any other host.
CREATE USER 'mail'@'127.0.0.1' IDENTIFIED BY '123258';
GRANT SELECT ON mail.* TO 'mail'@'127.0.0.1';
FLUSH PRIVILEGES;

USE mail;
3,创建域名表
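-- One row per domain this server accepts mail for.  Postfix resolves
-- virtual_mailbox_domains against `name`; virtual_users and virtual_aliases
-- reference `id`.
CREATE TABLE IF NOT EXISTS `virtual_domains` (
  `id`   INT NOT NULL AUTO_INCREMENT,
  -- A DNS name may be up to 253 characters; VARCHAR(50) rejects longer ones.
  `name` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`id`),
  -- Lookups are exact matches on the domain; a domain listed twice would only
  -- make Postfix's "SELECT 1 ... WHERE name=" return duplicate rows.
  UNIQUE KEY `virtual_domains_name_uniq` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;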
4,创建邮件用户表
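-- One row per mailbox.  Dovecot authenticates against `email`/`password`
-- (password_query in dovecot-sql.conf.ext); Postfix checks `email` for
-- virtual_mailbox_maps.
CREATE TABLE IF NOT EXISTS `virtual_users` (
  `id`        INT NOT NULL AUTO_INCREMENT,
  `domain_id` INT NOT NULL,
  -- Password hash in the form Dovecot's default_pass_scheme expects
  -- (SHA512-CRYPT: "$6$<salt>$<hash>", 106 characters).  Wider than that so a
  -- "{SCHEME}" prefix or a "rounds=" parameter is not rejected later.
  `password`  VARCHAR(255) NOT NULL,
  -- RFC 5321 allows up to 254 characters for an address.
  `email`     VARCHAR(255) NOT NULL,
  PRIMARY KEY (`id`),
  -- Both daemons look mailboxes up by address, so it must be unique.
  UNIQUE KEY `virtual_users_email_uniq` (`email`),
  -- Deleting a domain removes its mailboxes with it.
  CONSTRAINT `virtual_users_domain_id_fk`
    FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;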
5,创建别名表
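-- Address rewrites: mail for `source` is redirected to `destination`
-- (Postfix virtual_alias_maps).
CREATE TABLE IF NOT EXISTS `virtual_aliases` (
  `id`          INT NOT NULL AUTO_INCREMENT,
  `domain_id`   INT NOT NULL,
  `source`      VARCHAR(255) NOT NULL,
  `destination` VARCHAR(255) NOT NULL,
  PRIMARY KEY (`id`),
  -- Postfix selects by source.  One source may legitimately have several
  -- destination rows (Postfix joins multiple results), so this is a plain
  -- index, not a UNIQUE key.
  KEY `virtual_aliases_source_idx` (`source`),
  CONSTRAINT `virtual_aliases_domain_id_fk`
    FOREIGN KEY (`domain_id`) REFERENCES `virtual_domains` (`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;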
6.创建并生成一些测试数据
创建loshub.com的域名
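-- Seed the test domain.  The id is given explicitly (rather than left to
-- AUTO_INCREMENT) because the user and alias rows below refer to domain_id 1;
-- integer columns get integer literals, not strings that the server has to
-- coerce.
INSERT INTO `mail`.`virtual_domains` (`id`, `name`)
VALUES (1, 'loshub.com');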
7.创建用户
-- Seed the test mailbox.  The password column must hold a hash Dovecot can
-- verify with default_pass_scheme = SHA512-CRYPT; ENCRYPT() calls the system
-- crypt(), which with a "$6$" salt produces exactly that format.
-- Two things a reviewer should know about this statement:
--   * RAND() is not a cryptographic generator, and SHA() of it is hex, so the
--     16-character salt draws from a 16-symbol alphabet.  Generating the hash
--     outside the database (`doveadm pw -s SHA512-CRYPT`) and inserting the
--     result avoids both, and keeps the clear-text password out of the mysql
--     client history.
--   * The address is rendered as "[email protected]" on this page (apparently
--     obfuscated when the article was published); use the real mailbox address.
INSERT INTO `mail`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('123258', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email protected]');
8.创建别名
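-- Seed one alias: mail for `source` is rewritten to `destination`.
-- Integer columns get integer literals; domain_id 1 is the domain row above.
-- Both addresses appear as "[email protected]" on this page (apparently
-- obfuscated when published); substitute the real source and destination.
INSERT INTO `mail`.`virtual_aliases` (`id`, `domain_id`, `source`, `destination`)
VALUES (1, 1, '[email protected]', '[email protected]');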
退出mysql
-- Leave the mysql client; everything from here on runs in the shell.
quit
二、创建证书和密钥
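# Self-signed certificate plus DH parameters for Postfix/Dovecot TLS (local
# testing; on the public internet use a CA-issued certificate).  The CN and
# SAN carry the name clients connect to - myhostname in main.cf is
# mail.loshub.com - so clients that verify the name do not warn.
mkdir -p /home/mail/ssl
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 \
    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=mail.loshub.com" \
    -addext "subjectAltName=DNS:mail.loshub.com" \
    -keyout /home/mail/ssl/ssl.key -out /home/mail/ssl/ssl.crt
# dh.pem is read by Dovecot (ssl_dh), pdh.pem by Postfix
# (smtpd_tls_dh1024_param_file - despite the name any group >= 1024 bits is
# accepted).  1024-bit groups are considered weak, so a single 2048-bit group
# is generated once and used for both.
openssl dhparam -out /home/mail/ssl/dh.pem 2048
cp /home/mail/ssl/dh.pem /home/mail/ssl/pdh.pem
# Certificate and DH parameters are public.  The private key is opened by
# Postfix and Dovecot as root before they drop privileges, so root-only access
# is sufficient; the original "chmod a+r" made the key world-readable.
chmod 644 /home/mail/ssl/ssl.crt /home/mail/ssl/dh.pem /home/mail/ssl/pdh.pem
chmod 600 /home/mail/ssl/ssl.key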
三、postfix安装与配置
1,安装postfix
# Postfix plus the MySQL/MariaDB map support used by the mysql:/etc/postfix/*.cf
# lookups below.  The package asks for the mail configuration type and system
# mail name on install; main.cf is rewritten completely in the next steps.
apt install postfix postfix-mysql -y
2,创建数据库连接文件
创建域名文件/etc/postfix/mysql-virtual-mailbox-domains.cf并录入以下内容
# Postfix -> MariaDB map for virtual_mailbox_domains: any non-empty result
# means the domain is one this server accepts mail for.  The file contains the
# database password, so it should be readable only by root and the postfix
# group (chmod 640), not world-readable.
user = mail
password = 123258
hosts = 127.0.0.1
dbname = mail
# %s is the domain being looked up; Postfix quotes/escapes it before substitution.
query = SELECT 1 FROM virtual_domains WHERE name='%s'
3.创建邮件用户文件/etc/postfix/mysql-virtual-mailbox-maps.cf并录入以下内容
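# Postfix -> MariaDB map for virtual_mailbox_maps: any non-empty result means
# the mailbox exists.  main.cf also lists this file in smtpd_sender_login_maps,
# whose result must be the SASL login name that owns the sender address; the
# login name is the email address (Dovecot's password_query returns it as the
# user), so the query returns the address rather than a constant "1" - the
# original form would have compared every login against the string "1".
# The file contains the database password: root:postfix, mode 640.
user = mail
password = 123258
hosts = 127.0.0.1
dbname = mail
# %s is the address being looked up; Postfix quotes/escapes it before substitution.
query = SELECT email FROM virtual_users WHERE email='%s'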
4.创建别名文件/etc/postfix/mysql-virtual-alias-maps.cf并录入以下内容
# Postfix -> MariaDB map for virtual_alias_maps: each matching row's destination
# is an address the message is rewritten to.  main.cf also lists this file in
# smtpd_sender_login_maps, where the returned destination is the login allowed
# to send as `source`.  Contains the database password: root:postfix, mode 640.
user = mail
password = 123258
hosts = 127.0.0.1
dbname = mail
# %s is the recipient address being looked up; Postfix escapes it before substitution.
query = SELECT destination FROM virtual_aliases WHERE source='%s'
5,配置/etc/postfix/main.cf文件并录入以下内容
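# ---- identity -------------------------------------------------------------
mydomain   = loshub.com
myorigin   = mail.loshub.com
myhostname = mail.loshub.com
# loshub.com is served from the virtual_domains table.  Listing it here as well
# makes Postfix route it to local delivery and reject every virtual mailbox
# ("do not list domain ... in BOTH mydestination and virtual_mailbox_domains"),
# so only the host's own names stay local.  main.cf has no backslash escaping:
# the original "\$mydomain" was a literal backslash followed by the expansion.
mydestination = $myhostname, localhost.$mydomain, localhost
inet_interfaces = all
message_size_limit = 52428800
mailbox_size_limit = 0

# ---- TLS, server side (port 25 and the submission ports) -----------------
# "may" = opportunistic on port 25; master.cf forces encryption on 587/465.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /home/mail/ssl/ssl.crt
smtpd_tls_key_file  = /home/mail/ssl/ssl.key
smtpd_tls_dh1024_param_file = /home/mail/ssl/pdh.pem
# TLS 1.0/1.1 are deprecated (RFC 8996).  The exclusion form works on Postfix
# 3.5 (Debian 11) as well as 3.6+ (Debian 12, Ubuntu 22.04).
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers = medium
# Restricts the "medium" grade to AES-128 with forward secrecy.  Postfix's TLS
# documentation discourages overriding the built-in lists; kept from the
# original, but be aware it is applied to every inbound TLS session.
tls_medium_cipherlist = AES128+EECDH:AES128+EDH
# Level 1 logs one summary line per handshake - enough to see failed or
# downgraded connections without per-session noise.
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

# ---- TLS, client side (outbound) -----------------------------------------
# Replaces the obsolete smtp_use_tls/smtpd_use_tls, and "tls_smtp_use_tls",
# which is not a Postfix parameter and was silently ignored.
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtp_tls_loglevel = 1

# ---- SASL via Dovecot ----------------------------------------------------
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy-spf

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
recipient_delimiter = +

# ---- virtual domains / mailboxes / aliases from MariaDB -------------------
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# Only consulted by a reject_*sender_login_mismatch restriction, and none is
# set here, so authenticated users are currently not tied to their own sender
# address.  Before enabling one, make sure every map listed returns login
# names: the mailbox-maps query must return the address, not "1".
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf mysql:/etc/postfix/mysql-virtual-alias-maps.cf

# ---- DKIM (OpenDKIM listening on 127.0.0.1:8891, see /etc/opendkim.conf) --
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
# If OpenDKIM is down, mail is accepted unsigned and unverified; Postfix logs
# the failed milter connection, which is worth alerting on.
milter_default_action = accept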
6,配置/etc/postfix/master.cf文件
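# ==========================================================================
# service    type  private unpriv  chroot  wakeup  maxproc command + args
#                  (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
# Port 25: mail from other servers; restrictions come from main.cf.
smtp       inet  n       -       n       -       -       smtpd
# Port 587: authenticated submission only, STARTTLS mandatory.  The relay
# override mirrors the smtps entry so both submission ports behave alike.
submission inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# Port 465: the same over implicit TLS.  The chroot column (y) differs from
# the other smtpd entries (n / default); kept as in the original.
smtps      inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000    1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000    0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
  -o syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
# Delivery to Dovecot (virtual_transport = lmtp:unix:private/dovecot-lmtp).
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
# SPF policy server for check_policy_service in main.cf.  Runs unchrooted
# (chroot = n), so the path below is on the host filesystem.
policy-spf unix  -       n       n       -       -       spawn
  user=nobody argv=/var/spool/postfix/policyd-spf-perl
# Unused while virtual_transport is LMTP; kept for completeness.  Debian and
# Ubuntu install dovecot-lda under /usr/lib/dovecot, not /usr/libexec.
dovecot    unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${recipient}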
四、dovecot安装与配置
1,安装dovecot
# IMAP and POP3 for clients, LMTP to receive deliveries from Postfix, and the
# MySQL driver used by dovecot-sql.conf.ext.
apt install dovecot-core dovecot-pop3d dovecot-imapd dovecot-lmtpd dovecot-mysql -y
2,配置/etc/dovecot/dovecot.conf
# Serve IMAP and POP3 to clients; LMTP receives mail from Postfix.
protocols = imap lmtp pop3
listen = *, ::
# Per-user, per-IP cap on concurrent connections (Dovecot's default is 10;
# many IMAP clients open several at once).
mail_max_userip_connections = 50
!include conf.d/*.conf
!include_try local.conf
3,配置/etc/dovecot/conf.d/10-mail.conf
# One Maildir per mailbox at /home/mail/vhosts/<domain>/<local part>
# (%d = domain, %n = local part of the login).  Must agree with the userdb
# "home=" in auth-sql.conf.ext and the vhosts directory created below.
mail_location = maildir:/home/mail/vhosts/%d/%n
mail_privileged_group = mail
4,创建vmail用户并给权
创建用户组和用户
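# Dedicated unprivileged owner of all mailboxes.  uid/gid are fixed at 5000 so
# they stay stable for the static userdb in auth-sql.conf.ext.  The account
# only owns files and never logs in, so it gets no usable shell (useradd
# would otherwise assign the system default).
groupadd -g 5000 vmail
useradd -g vmail -u 5000 -d /home/mail -s /usr/sbin/nologin vmail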
5.创建域名目录与修改/home/mail和/etc/dovecot的拥有者
# Maildir root for the test domain; everything under /home/mail belongs to vmail.
mkdir -p /home/mail/vhosts/loshub.com
chown -R vmail:vmail /home/mail
# Hide the Dovecot configuration (dovecot-sql.conf.ext contains the database
# password) from other local users.  NOTE(review): making vmail the *owner*
# lets the mail-delivery identity rewrite the configuration, while it only
# needs to read it (the auth-worker runs as vmail).  root:vmail with group
# read would be tighter - confirm the dovecot-user auth process does not also
# need to read these files before changing it.
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
6,配置/etc/dovecot/conf.d/10-auth.conf文件
# PLAIN and LOGIN send the password as-is, so they are only offered once the
# connection is TLS-protected (this setting plus ssl = required in 10-ssl.conf).
disable_plaintext_auth = yes
auth_mechanisms = plain login
# Password/user lookups come from the SQL backend defined in auth-sql.conf.ext.
!include auth-sql.conf.ext
7.配置/etc/dovecot/conf.d/auth-sql.conf.ext文件
# Passwords come from MariaDB; connection and query are in dovecot-sql.conf.ext.
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
# Every mailbox maps to the same system user (vmail) and a home directory
# derived from the login: %d = domain, %n = local part.  Must agree with
# mail_location in 10-mail.conf.
userdb {
driver = static
args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n
}
8,配置/etc/dovecot/dovecot-sql.conf.ext文件
# Connection string with the clear-text database password: this file must not
# be world-readable, only by the processes that open it (the auth-worker runs
# as vmail).
driver = mysql
connect = host=127.0.0.1 dbname=mail user=mail password=123258
# Scheme assumed for stored hashes that carry no "{SCHEME}" prefix; matches the
# "$6$" crypt hashes inserted in the SQL section.
default_pass_scheme = SHA512-CRYPT
# %u is the full login (the email address); Dovecot escapes it before
# substitution.  "AS user" makes the address the canonical username for the
# rest of the session.
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
9,配置/etc/dovecot/conf.d/10-master.conf
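# POP3 listeners.  With ssl = required (10-ssl.conf) port 110 only accepts a
# login after STARTTLS; pop3s is TLS from the first byte.
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    #port = 995
    ssl = yes
  }
}

# Socket Postfix delivers to (virtual_transport in main.cf).
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}

service auth {
  # SASL socket for Postfix (smtpd_sasl_path = private/auth).  Only the
  # postfix user/group talks to it, so owner+group access is enough; the
  # original 0666 relied solely on the parent directory to keep other local
  # accounts from submitting authentication attempts to it.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  # userdb lookups for delivery, performed as vmail.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}

# Runs the SQL passdb lookups; must be able to read dovecot-sql.conf.ext.
service auth-worker {
  user = vmail
}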
10,配置/etc/dovecot/conf.d/10-ssl.conf文件
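# TLS is mandatory for every IMAP/POP3 login (pairs with disable_plaintext_auth).
ssl = required
# Refuse TLS 1.0/1.1 handshakes.  ssl_min_protocol exists since Dovecot 2.3,
# which is what Debian 11/12 and Ubuntu 22.04 ship.
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes
# The leading "<" means "read from this file".  The key is opened as root
# before privileges are dropped, so it can stay root-only.
ssl_dh = </home/mail/ssl/dh.pem
ssl_cert = </home/mail/ssl/ssl.crt
ssl_key = </home/mail/ssl/ssl.key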
11,配置/etc/dovecot/conf.d/15-mailboxes.conf文件
# Standard folders, created on first use and advertised with SPECIAL-USE flags
# so clients pick them up without manual configuration.
namespace inbox {
inbox = yes
mailbox Drafts {
auto = create
special_use = \Drafts
}
mailbox Junk {
auto = create
special_use = \Junk
}
mailbox Trash {
auto = create
special_use = \Trash
}
mailbox Sent {
auto = create
special_use = \Sent
}
# A second \Sent folder, presumably for clients that use this name; both
# are created, so a user sees two sent folders.
mailbox "Sent Messages" {
auto = create
special_use = \Sent
}
}
五、安装spf
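# SPF policy daemon for Postfix.  Debian and Ubuntu package it together with
# the Perl modules it needs (Mail::SPF, Net::DNS, NetAddr::IP, ...), so it is
# installed from the signed distribution repositories instead of building
# tarballs fetched over plain HTTP from a third-party mirror and running
# "make install" as root with no integrity check.  The packaged copy also
# receives security updates with the rest of the system.
apt install postfix-policyd-spf-perl -y
# master.cf expects the script at /var/spool/postfix/policyd-spf-perl.  The
# policy-spf service runs without chroot, so a symlink to the packaged script
# works and keeps a single copy to update.
mkdir -p /var/spool/postfix
ln -sfn /usr/sbin/postfix-policyd-spf-perl /var/spool/postfix/policyd-spf-perl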
六、安装配置dkim
1.安装DKIM
# OpenDKIM milter plus opendkim-genkey, used below to create the signing key.
apt install opendkim opendkim-tools -y
2.配置dkim文件/etc/opendkim.conf,录入以下内容
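# Identity the daemon drops to after start; the key directory must be readable by it.
UserID                  opendkim:opendkim
UMask                   022
# s = sign mail from InternalHosts, v = verify everything else.
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
Canonicalization        relaxed/relaxed
TemporaryDirectory      /var/tmp
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
MinimumKeyBits          1024
# Must match smtpd_milters in main.cf (inet:127.0.0.1:8891); loopback only.
# The original listing rendered this value garbled.
Socket                  inet:8891@127.0.0.1
# Sign From: once more than it occurs, so a relay cannot add a second From:
# header without breaking the signature.
OversignHeaders         From
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes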
3.生成dkim注意把域名换成你的域名
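# Generate the signing key for the domain with selector "default".
# opendkim-genkey defaults to 1024 bits, which RFC 8301 treats as the floor;
# 2048 is the recommended signing size.  A 2048-bit public key makes the TXT
# record longer than one 255-byte DNS string, so default.txt contains it
# split into several quoted strings - paste all of them into the record.
mkdir -p /etc/opendkim/keys/loshub.com
opendkim-genkey -b 2048 -D /etc/opendkim/keys/loshub.com/ -d loshub.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/loshub.com
# KeyTable below points at .../default with no extension, hence the rename.
mv /etc/opendkim/keys/loshub.com/default.private /etc/opendkim/keys/loshub.com/default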
4.查看生成的dkim并解析到DNS商处txt的记录值
4.1查看生成的dkim值
# Public key in zone-file form; its contents become the DNS TXT record.
cat /etc/opendkim/keys/loshub.com/default.txt
4.2得到值
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0rQad5GmumdGHVPBvgT2gdEgmE3c8mvlE5h/Im6tCY3hnuAPkfxIsD2bn0mPifkHFmHzrQ3tP+228dOZ/3eQxESwxmFVJB3VMy7J4NDKQv2T33IPyGgkWLzkcS25Ao4nONrTXWnA+mOOm3AgmzhufM94/tr2v/JMkiTHwtf+ZTwIDAQAB" ) ; ----- DKIM key default for loshub.com
4.3去DNS服务商处解析
主机头为:default._domainkey,类型为:txt,记录值为:v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0rQad5GmumdGHVPBvgT2gdEgmE3c8mvlE5h/Im6tCY3hnuAPkfxIsD2bn0mPifkHFmHzrQ3tP+228dOZ/3eQxESwxmFVJB3VMy7J4NDKQv2T33IPyGgkWLzkcS25Ao4nONrTXWnA+mOOm3AgmzhufM94/tr2v/JMkiTHwtf+ZTwIDAQAB
就是取括号里的内容并去掉"号和空格。
5.把loshub.com添加到/etc/opendkim/KeyTable
# KeyTable row: <selector>._domainkey.<domain>  <domain>:<selector>:<private key path>
echo "default._domainkey.loshub.com loshub.com:default:/etc/opendkim/keys/loshub.com/default" >> /etc/opendkim/KeyTable
6.修改/etc/opendkim/SigningTable并添加如下记录
# SigningTable row: every sender at loshub.com is signed with the key named above.
echo "*@loshub.com default._domainkey.loshub.com" >> /etc/opendkim/SigningTable
7.添加信任主机/etc/opendkim/TrustedHosts,mail.loshub.com是服务器名称
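# Hosts whose mail OpenDKIM signs instead of verifying (InternalHosts) and
# whose own signatures it does not check (ExternalIgnoreList).  Loopback is
# included so mail the server hands to the milter itself counts as internal;
# keep the list to this host's own names and addresses, since every entry
# is exempt from verification.
printf '%s\n' 127.0.0.1 ::1 localhost loshub.com mail.loshub.com >> /etc/opendkim/TrustedHosts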
修改启动文件/usr/lib/systemd/system/opendkim.service,可以直接删除再重新创建,并录入以下内容
[Unit]
Description=OpenDKIM Milter
Documentation=man:opendkim(8) man:opendkim.conf(5) man:opendkim-lua(3) man:opendkim-genkey(8) man:opendkim-genzone(8) man:opendkim-testkey(8) http://www.opendkim.org/docs.html
After=network.target nss-lookup.target

[Service]
# NOTE(review): a unit edited in /usr/lib/systemd/system is overwritten by the
# next package upgrade; /etc/systemd/system is the place for a local copy.
# /run is a tmpfs, so /run/opendkim must be recreated at boot and be writable
# by the opendkim user for PIDFile to work - confirm the package provides that
# (RuntimeDirectory= or a tmpfiles.d entry) before relying on this unit.
Type=forking
PIDFile=/run/opendkim/opendkim.pid
# -x selects the configuration file.  NOTE(review): confirm -D is a valid
# flag for the installed opendkim(8).
ExecStart=/usr/sbin/opendkim -Dx /etc/opendkim.conf
# SIGUSR1 is the signal used here for reload.
ExecReload=/bin/kill -USR1 $MAINPID
Restart=on-failure

[Install]
WantedBy=multi-user.target
加入系统启动
# Start everything at boot.  mysql was already enabled in the database section;
# repeating it is harmless.
systemctl enable mysql
systemctl enable postfix
systemctl enable dovecot
systemctl enable opendkim
启动
# Restart so the configuration written above is loaded.
systemctl restart postfix
systemctl restart dovecot
systemctl restart opendkim
查看端口是否启动
# Listening TCP sockets with owning process: expect 25/587/465 (postfix),
# 110/995/143/993 (dovecot), 8891 on 127.0.0.1 (opendkim), 3306 (mariadb).
# "ss -ntlp" is the iproute2 equivalent if net-tools is not installed.
netstat -ntlp
本文系作者 @天边的云 原创发布在Loshub站点。未经许可,禁止转载。