Installing a mail system on AlmaLinux 8 or 9: MariaDB + Postfix + Dovecot
This setup can be used to build a self-hosted mail server either on a local network or on the internet.
IP address: 192.168.0.188
Tested systems: AlmaLinux 8 or AlmaLinux 9, Rocky Linux 8, OpenCloudOS
Database: MariaDB, root password set to 123258
Mail user and database name: mail
mail user password: 123258 (the passwords shown throughout are the test values of this walkthrough; use your own)
Local test domain: loshub.com
Components: postfix, dovecot, spf, opendkim, mariadb, [amavis, ClamAV (not recommended on low-memory machines)]
Minimum hardware: 1 CPU core, 1 GB RAM, 10 GB disk. Installing ClamAV requires more than 4 GB RAM.
Goal: unlimited domains, unlimited users, unlimited aliases, and a reasonably secure mail system.
I. Update the system
dnf clean all
dnf update -y
dnf install epel-release -y
dnf update -y
dnf install wget curl make tar perl perl-NetAddr-IP perl-Mail-SPF net-tools -y
dnf install perl-Sys-Hostname -y
dnf config-manager --set-enabled crb
(crb is the repository name on AlmaLinux 9; on AlmaLinux 8 and Rocky 8 the equivalent repository is called powertools.)
II. Enable the firewall
systemctl enable firewalld;
systemctl restart firewalld;
firewall-cmd --add-port=22/tcp --permanent;
firewall-cmd --add-port=25/tcp --permanent;
firewall-cmd --add-port=993/tcp --permanent;
firewall-cmd --add-port=995/tcp --permanent;
firewall-cmd --add-port=465/tcp --permanent;
firewall-cmd --add-port=587/tcp --permanent;
firewall-cmd --add-port=80/tcp --permanent;
firewall-cmd --add-port=443/tcp --permanent;
firewall-cmd --reload;
III. Disable SELinux, otherwise connections fail (this removes a layer of confinement; the guide takes this route rather than labelling the non-standard paths used below)
setenforce 0;
sed -i "s#SELINUX=enforcing#SELINUX=disabled#g" /etc/selinux/config;
IV. Database
1. Install MariaDB, start it, enable it at boot, and set the root password
dnf install mariadb-server mariadb -y
systemctl start mariadb
systemctl enable mariadb
mysqladmin -u root password 123258
2. Create the mail database, its user, and the tables
Open the MariaDB shell and create the user and database. The mail user only gets SELECT on the mail database: Postfix and Dovecot read the tables, they never write them.
mysql -uroot -p123258
create database mail;
GRANT SELECT ON mail.* TO 'mail'@'127.0.0.1' IDENTIFIED BY '123258';
FLUSH PRIVILEGES;
USE mail;
3. Create the domains table
CREATE TABLE `virtual_domains` (
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
4. Create the users table
CREATE TABLE `virtual_users` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`password` VARCHAR(106) NOT NULL,
`email` VARCHAR(120) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
5. Create the aliases table
CREATE TABLE `virtual_aliases` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
6. Insert some test data
Create the loshub.com domain:
INSERT INTO `mail`.`virtual_domains`
(`id` ,`name`)
VALUES
('1', 'loshub.com');
6.1 Create a user (the password is stored as SHA512-CRYPT with a random 16-character salt, which matches the default_pass_scheme configured for Dovecot below)
INSERT INTO `mail`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('123258', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email protected]');
6.2 Create an alias
INSERT INTO `mail`.`virtual_aliases`
(`id`, `domain_id`, `source`, `destination`)
VALUES
('1', '1', '[email protected]', '[email protected]');
Leave the MariaDB shell:
quit
V. Create the certificate and key (self-signed, valid for 10 years; the chmod a+r below makes the private key readable by every local account so that both Postfix and Dovecot can load it; on a shared host restrict it to those service accounts instead)
mkdir -p /home/mail/ssl
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=loshub" -keyout /home/mail/ssl/ssl.key -out /home/mail/ssl/ssl.crt
openssl dhparam 2048 > /home/mail/ssl/dh.pem
openssl dhparam 1024 > /home/mail/ssl/pdh.pem
chmod a+r /home/mail/ssl/ssl.crt /home/mail/ssl/ssl.key /home/mail/ssl/dh.pem /home/mail/ssl/pdh.pem
VI. Install and configure Postfix
1. Install Postfix
dnf install postfix postfix-ldap postfix-mysql -y
dnf install postfix-lmdb -y
2. Create the database lookup files
Create the domains file /etc/postfix/mysql-virtual-mailbox-domains.cf with the following content:
user = mail
password = 123258
hosts = 127.0.0.1
dbname = mail
query = SELECT 1 FROM virtual_domains WHERE name='%s'
3. Create the mailbox file /etc/postfix/mysql-virtual-mailbox-maps.cf with the following content:
user = mail
password = 123258
hosts = 127.0.0.1
dbname = mail
query = SELECT 1 FROM virtual_users WHERE email='%s'
4. Create the alias file /etc/postfix/mysql-virtual-alias-maps.cf with the following content:
user = mail
password = 123258
hosts = 127.0.0.1
dbname = mail
query = SELECT destination FROM virtual_aliases WHERE source='%s'
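The three .cf files above give Postfix one SQL query per table, with the lookup key substituted for %s. The script below is an added example, not part of the article: it rebuilds the section IV tables in an in-memory SQLite database (a stand-in for MariaDB), loads constructed rows for loshub.com, and runs the same three queries in the order Postfix applies them: alias expansion, then the domain-class check, then the mailbox check, trying user+ext@domain, user@domain and @domain for each address as virtual(5) describes. Parameter placeholders replace the quoted %s; the addresses, the hash placeholder and the alias chain are invented for the example.

```python
"""Emulate the Postfix mysql: lookups from the three .cf files against the
section IV schema, using SQLite as a stand-in for MariaDB.
Added example; tables and rows are constructed for this illustration."""
import sqlite3

# The queries from the .cf files, with SQLite's ? placeholder instead of the
# quoted %s that Postfix substitutes.
DOMAIN_QUERY = "SELECT 1 FROM virtual_domains WHERE name=?"
MAILBOX_QUERY = "SELECT 1 FROM virtual_users WHERE email=?"
ALIAS_QUERY = "SELECT destination FROM virtual_aliases WHERE source=?"

RECIPIENT_DELIMITER = "+"      # main.cf: recipient_delimiter = +

SCHEMA = """
CREATE TABLE virtual_domains (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL);
CREATE TABLE virtual_users (
    id        INTEGER PRIMARY KEY,
    domain_id INTEGER NOT NULL REFERENCES virtual_domains(id) ON DELETE CASCADE,
    password  TEXT NOT NULL,
    email     TEXT NOT NULL UNIQUE);
CREATE TABLE virtual_aliases (
    id          INTEGER PRIMARY KEY,
    domain_id   INTEGER NOT NULL REFERENCES virtual_domains(id) ON DELETE CASCADE,
    source      TEXT NOT NULL,
    destination TEXT NOT NULL);
"""

# Constructed test rows; the password column holds a placeholder, not a real
# SHA512-CRYPT hash.
SAMPLE_ROWS = [
    "INSERT INTO virtual_domains VALUES (1, 'loshub.com')",
    "INSERT INTO virtual_users VALUES (1, 1, '$6$placeholder', 'alice@loshub.com')",
    "INSERT INTO virtual_aliases VALUES (1, 1, 'postmaster@loshub.com', 'alice@loshub.com')",
    "INSERT INTO virtual_aliases VALUES (2, 1, 'abuse@loshub.com', 'postmaster@loshub.com')",
]


def open_db():
    """In-memory database with the article's schema and the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for stmt in SAMPLE_ROWS:
        db.execute(stmt)
    return db


def lookup_keys(address):
    """Keys Postfix tries for one address, in order: the full address, then
    user@domain with the recipient_delimiter extension stripped, then the
    @domain catch-all (see virtual(5))."""
    local, domain = address.rsplit("@", 1)
    keys = [address]
    if RECIPIENT_DELIMITER in local:
        keys.append(local.split(RECIPIENT_DELIMITER, 1)[0] + "@" + domain)
    keys.append("@" + domain)
    return keys


def first_match(db, query, address):
    """Run one .cf query for each candidate key; return (key, value) of the
    first hit, or None when no key matches."""
    for key in lookup_keys(address):
        row = db.execute(query, (key,)).fetchone()
        if row is not None:
            return key, row[0]
    return None


def resolve_recipient(db, address, max_hops=10):
    """Return ('mailbox', addr), ('relay', addr) or ('reject', reason)."""
    current = address
    for _ in range(max_hops):                    # virtual_alias_maps expansion
        hit = first_match(db, ALIAS_QUERY, current)
        if hit is None or hit[1] == current:
            break
        current = hit[1]
    else:
        return ("reject", "alias expansion loop for %s" % address)
    domain = current.rsplit("@", 1)[1]
    if db.execute(DOMAIN_QUERY, (domain,)).fetchone() is None:
        # Not one of our domains: relayed only for authenticated senders,
        # reject_unauth_destination stops everyone else.
        return ("relay", current)
    hit = first_match(db, MAILBOX_QUERY, current)   # virtual_mailbox_maps
    if hit is None:
        return ("reject", "unknown user in virtual mailbox table: %s" % current)
    return ("mailbox", hit[0])


if __name__ == "__main__":
    db = open_db()
    for addr in ("abuse@loshub.com", "alice+news@loshub.com",
                 "nobody@loshub.com", "someone@example.org"):
        print(addr, "->", resolve_recipient(db, addr))
```

Running it shows the two-hop alias chain landing in alice's mailbox, the +news extension being dropped for the mailbox lookup while the full address is what LMTP hands to Dovecot, an unknown local-part being rejected before the message is accepted, and a foreign domain falling through to relay policy.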
5. Configure /etc/postfix/main.cf with the following content (these settings still accept TLSv1.1 and use a 1024-bit DH group for older clients; tighten them if your clients allow it):
mydomain = loshub.com
myorigin = mail.loshub.com
myhostname = mail.loshub.com
# A domain must not appear in both mydestination and virtual_mailbox_domains;
# the database lists loshub.com, so keep mydestination to the host itself.
mydestination = $myhostname, localhost
inet_interfaces = all
message_size_limit=52428800
mailbox_size_limit=0
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_mandatory_protocols = TLSv1.1,TLSv1.2
smtpd_tls_protocols = TLSv1.1,TLSv1.2
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = AES128+EECDH:AES128+EDH
smtpd_tls_security_level = may
smtpd_tls_loglevel = 0
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_dh1024_param_file = /home/mail/ssl/pdh.pem
smtpd_tls_cert_file=/home/mail/ssl/ssl.crt
smtpd_tls_key_file=/home/mail/ssl/ssl.key
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policy-spf
smtpd_banner = $myhostname ESMTP $mail_name (almx)
biff = no
append_dot_mydomain = no
readme_directory = no
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
recipient_delimiter = +
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf mysql:/etc/postfix/mysql-virtual-alias-maps.cf
#DKIM
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept
6. Configure /etc/postfix/master.cf (the -o, user= and flags= lines must be indented, as continuation lines of the service entry above them):
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000    1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000    0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp
  -o syslog_name=postfix/$service_name
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
policy-spf unix  -       n       n       -       -       spawn
  user=nobody argv=/var/spool/postfix/policyd-spf-perl
dovecot    unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
VII. Install and configure Dovecot
1. Install Dovecot
dnf install dovecot dovecot-mysql dovecot-pigeonhole -y
2. Configure /etc/dovecot/dovecot.conf
protocols = imap lmtp pop3
listen = *, ::
mail_max_userip_connections = 50
!include conf.d/*.conf
!include_try local.conf
3. Configure /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/home/mail/vhosts/%d/%n
mail_privileged_group = mail
4. Create the vmail user and set permissions
Create the group and user:
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/mail
Create the domain directory and change the owner of /home/mail and /etc/dovecot:
mkdir -p /home/mail/vhosts/loshub.com
chown -R vmail:vmail /home/mail
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
5. Configure /etc/dovecot/conf.d/10-auth.conf (comment out the stock "!include auth-system.conf.ext" line so that only the SQL backend is used):
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext
6. Configure /etc/dovecot/conf.d/auth-sql.conf.ext
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/mail/vhosts/%d/%n
}
7. Configure /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=mail user=mail password=123258
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
8. Configure /etc/dovecot/conf.d/10-master.conf
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    #port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service auth-worker {
  user = vmail
}
9. Configure /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes
ssl_dh = </home/mail/ssl/dh.pem
ssl_cert = </home/mail/ssl/ssl.crt
ssl_key = </home/mail/ssl/ssl.key
10. Configure /etc/dovecot/conf.d/15-mailboxes.conf
namespace inbox {
  inbox = yes
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  mailbox Sent {
    auto = create
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = create
    special_use = \Sent
  }
}
VIII. Install the SPF policy daemon
wget http://source.loshub.com/linux/perl/Sys-Hostname-Long-1.5.tar.gz
tar zxf Sys-Hostname-Long-1.5.tar.gz
cd Sys-Hostname-Long-1.5
perl Makefile.PL
make -j2 && make install
cd .. && rm -rf Sys-Hostname-Long-1.5.tar.gz Sys-Hostname-Long-1.5
wget https://launchpad.net/postfix-policyd-spf-perl/trunk/2.011/+download/postfix-policyd-spf-perl-2.011.tar.gz
tar zxf postfix-policyd-spf-perl-2.011.tar.gz
mkdir -p /var/spool/postfix
cp postfix-policyd-spf-perl-2.011/postfix-policyd-spf-perl /var/spool/postfix/policyd-spf-perl
rm -rf postfix-policyd-spf-perl-2.011.tar.gz postfix-policyd-spf-perl-2.011
IX. Install and configure OpenDKIM
1. Install OpenDKIM
dnf install opendkim opendkim-tools -y
2. Configure /etc/opendkim.conf with the following content
UserID opendkim:opendkim
UMask 022
Mode sv
PidFile /var/run/opendkim/opendkim.pid
Canonicalization relaxed/relaxed
TemporaryDirectory /var/tmp
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
MinimumKeyBits 1024
Socket inet:[email protected]
LogWhy Yes
Syslog Yes
SyslogSuccess Yes
3. Generate the DKIM key (replace the domain with your own)
mkdir -p /etc/opendkim/keys/loshub.com
opendkim-genkey -D /etc/opendkim/keys/loshub.com/ -d loshub.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/loshub.com
mv /etc/opendkim/keys/loshub.com/default.private /etc/opendkim/keys/loshub.com/default
4. View the generated DKIM record and add it as a TXT record at your DNS provider
4.1 View the generated DKIM value
cat /etc/opendkim/keys/loshub.com/default.txt
4.2 The output is:
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0rQad5GmumdGHVPBvgT2gdEgmE3c8mvlE5h/Im6tCY3hnuAPkfxIsD2bn0mPifkHFmHzrQ3tP+228dOZ/3eQxESwxmFVJB3VMy7J4NDKQv2T33IPyGgkWLzkcS25Ao4nONrTXWnA+mOOm3AgmzhufM94/tr2v/JMkiTHwtf+ZTwIDAQAB" ) ; ----- DKIM key default for loshub.com
4.3 Add the record at your DNS provider
Host: default._domainkey, type: TXT, value: v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0rQad5GmumdGHVPBvgT2gdEgmE3c8mvlE5h/Im6tCY3hnuAPkfxIsD2bn0mPifkHFmHzrQ3tP+228dOZ/3eQxESwxmFVJB3VMy7J4NDKQv2T33IPyGgkWLzkcS25Ao4nONrTXWnA+mOOm3AgmzhufM94/tr2v/JMkiTHwtf+ZTwIDAQAB
That is, take the content inside the parentheses and remove the quotes and the spaces between the pieces.
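Step 4.3 asks for the multi-line BIND record in default.txt to be turned into one TXT value by hand. The script below is an added example, not from the article: it performs that conversion the way a DNS resolver concatenates the quoted strings of one TXT record, splits the DKIM tag list, and decodes the p= tag to report the RSA modulus size so the key can be compared with the MinimumKeyBits value from /etc/opendkim.conf. The record text is the default.txt shown above for loshub.com; the DER walking is a minimal hand-written parser rather than a library call.

```python
"""Flatten opendkim-genkey's BIND-style TXT record into the value to publish,
and check the published key size against MinimumKeyBits.
Added example; DEFAULT_TXT reproduces the article's default.txt for loshub.com."""
import base64
import re

# Public key exactly as printed in the article's default.txt.
PUBLIC_KEY_B64 = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0rQad5GmumdGHVPBvgT2gdEgmE3c8mvlE5h/Im6tCY3hnuAPkfxIsD2bn0mPifkHFmHzrQ3tP+228dOZ/3eQxESwxmFVJB3VMy7J4NDKQv2T33IPyGgkWLzkcS25Ao4nONrTXWnA+mOOm3AgmzhufM94/tr2v/JMkiTHwtf+ZTwIDAQAB"

DEFAULT_TXT = ('default._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n'
               '  "p=%s" ) ; ----- DKIM key default for loshub.com\n' % PUBLIC_KEY_B64)


def flatten_txt(record):
    """Join the quoted character-strings inside the parentheses, which is
    what a resolver does with the pieces of one TXT RDATA."""
    inside = re.search(r"\((.*?)\)", record, re.S)
    if inside is None:
        raise ValueError("no parenthesised TXT value found")
    return "".join(re.findall(r'"([^"]*)"', inside.group(1)))


def parse_tags(value):
    """Split a DKIM tag-list ('v=DKIM1; k=rsa; p=...') into a dict."""
    tags = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, val = item.partition("=")
        tags[name.strip()] = re.sub(r"\s+", "", val)   # whitespace in p= is insignificant
    return tags


def _der_tlv(buf, off):
    """Read one DER tag/length/value at off; return (tag, value, next_off)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + length], off + length


def rsa_key_bits(p_tag):
    """Modulus size in bits of the SubjectPublicKeyInfo carried in p=."""
    der = base64.b64decode(p_tag)
    tag, spki, _ = _der_tlv(der, 0)            # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("p= is not a DER SEQUENCE")
    _, _algorithm, off = _der_tlv(spki, 0)     # AlgorithmIdentifier, skipped
    tag, bits, _ = _der_tlv(spki, off)         # BIT STRING holding RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_seq, _ = _der_tlv(bits[1:], 0)      # drop the unused-bits byte
    tag, modulus, _ = _der_tlv(rsa_seq, 0)     # INTEGER n
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()


def check_record(record, minimum_key_bits=1024):
    """Flatten the record and report whether a verifier configured with
    MinimumKeyBits=minimum_key_bits would accept the key."""
    value = flatten_txt(record)
    tags = parse_tags(value)
    bits = rsa_key_bits(tags["p"])
    accepted = (tags.get("v") == "DKIM1"
                and tags.get("k", "rsa") == "rsa"
                and bits >= minimum_key_bits)
    return {"value": value, "tags": tags, "bits": bits, "accepted": accepted}


if __name__ == "__main__":
    result = check_record(DEFAULT_TXT)
    print("TXT value:", result["value"])
    print("RSA modulus bits:", result["bits"], "accepted:", result["accepted"])
```

The flattened value keeps the space after "k=rsa;" that concatenation preserves; DKIM tag parsing ignores whitespace around tags, so it is equivalent to the value given in 4.3. The article's MinimumKeyBits of 1024 accepts this key, and the same check shows it would be rejected by a verifier that requires 2048 bits.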
5. Add loshub.com to /etc/opendkim/KeyTable
echo "default._domainkey.loshub.com loshub.com:default:/etc/opendkim/keys/loshub.com/default" >> /etc/opendkim/KeyTable
6. Add the following record to /etc/opendkim/SigningTable
echo "*@loshub.com default._domainkey.loshub.com" >> /etc/opendkim/SigningTable
7. Add the trusted hosts to /etc/opendkim/TrustedHosts (mail.loshub.com is the server's hostname)
echo "loshub.com" >> /etc/opendkim/TrustedHosts
echo "mail.loshub.com" >> /etc/opendkim/TrustedHosts
X. Enable the services at boot
systemctl enable mariadb
systemctl enable postfix
systemctl enable dovecot
systemctl enable opendkim
XI. Start the services
systemctl start postfix
systemctl start dovecot
systemctl start opendkim
XII. Check that the ports are listening
netstat -ntlp
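netstat -ntlp only lists what is listening; deciding whether each listener should be reachable is the part worth automating. The script below is an added example, not part of the article: it parses netstat -ntlp output (a constructed sample with invented PIDs and process names, in which the OpenDKIM milter is deliberately bound to all interfaces to produce a finding) and checks it against the exposure this guide intends: the mail and SSH ports opened in section II public, MariaDB and the milter loopback-only (the database grant is to 'mail'@'127.0.0.1' and smtpd_milters points at 127.0.0.1:8891), everything else flagged for review.

```python
"""Check `netstat -ntlp` output against the exposure intended by this guide.
Added example; SAMPLE_NETSTAT is constructed (PIDs and names invented) and
deliberately binds the OpenDKIM milter on 0.0.0.0."""
import re

# Intended exposure, taken from the article: firewalld opens 22, 25, 465, 587,
# 993 and 995 (80/443 are opened too but nothing on this host serves them);
# main.cf talks to the milter at 127.0.0.1:8891 and the database user is
# granted from 127.0.0.1 only, so those two must never bind elsewhere.
PUBLIC_PORTS = {22, 25, 465, 587, 993, 995}
LOOPBACK_ONLY_PORTS = {3306, 8891}

SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1201/master
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1201/master
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1201/master
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1010/mariadbd
tcp        0      0 0.0.0.0:8891            0.0.0.0:*               LISTEN      1150/opendkim
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      880/sshd
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1300/dovecot
tcp6       0      0 :::993                  :::*                    LISTEN      1300/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      1300/dovecot
"""

LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+)\s+\S+\s+LISTEN\s+(\S+)")


def parse_listeners(text):
    """Return (proto, address, port, program) for every LISTEN line."""
    listeners = []
    for line in text.splitlines():
        m = LISTEN_RE.match(line)
        if m is None:
            continue
        proto, local, pid_prog = m.groups()
        addr, _, port = local.rpartition(":")      # also splits ':::993' correctly
        listeners.append((proto, addr, int(port), pid_prog.split("/", 1)[-1]))
    return listeners


def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")


def audit(text):
    """Map (address, port) -> (program, verdict)."""
    findings = {}
    for _proto, addr, port, prog in parse_listeners(text):
        if port in LOOPBACK_ONLY_PORTS:
            verdict = "ok" if is_loopback(addr) else "EXPOSED: must bind to loopback only"
        elif port in PUBLIC_PORTS:
            verdict = "ok"
        else:
            verdict = "review: not in the intended public set"
        findings[(addr, port)] = (prog, verdict)
    return findings


def exposed(text):
    """'program addr:port' for every loopback-only service bound elsewhere."""
    return sorted("%s %s:%d" % (prog, addr, port)
                  for (addr, port), (prog, verdict) in audit(text).items()
                  if verdict.startswith("EXPOSED"))


if __name__ == "__main__":
    for (addr, port), (prog, verdict) in sorted(audit(SAMPLE_NETSTAT).items()):
        print("%-16s %-5d %-10s %s" % (addr, port, prog, verdict))
```

Dovecot's POP3 listener on 110 lands in "review" because section II never opens 110 in firewalld; with ssl = required it only serves STARTTLS sessions anyway, so the decision is whether to open it or drop the pop3 listener. To run it against a live host, pass the real output of netstat -ntlp (or ss -ltnp after adjusting the regex) to audit() instead of the sample.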
Done.
This article was originally written by @天边的云 and published on the Loshub site. Reproduction without permission is prohibited.