

Postfix + Dovecot + Mysql 搭建自己的电子邮件系统

By admin  •  2022-01-01 13:15:44  •  734次点击
永久外链: https://i.otherhill.com/static/df4575916ac111ec87ea2089845721cb.html

2.  Postfix 3.6.2 安装与配置

书接上回, Postfix比作邮局, 邮局负责收发邮件, 不仅负责与管家Dovecot通讯, 还负责收发邮局与邮局间的邮件.邮局与邮局间的电邮,只能通过25端口.
postfix插件架构,保证了其配置的灵活性,但同时也造成了安装的复杂性.我们这里只涉及postfix与dovecot,mysql的搭配,先让它能正常工作,可以收发邮件.
以i@otherhill.com配置为例, 我们把email服务器所有相关软件,全部安装在/opt/tsMail目录下.


我们使用postfix v3.6.2, 2021.12 最新稳定版.   http://www.postfix.org/download.html

1. 新建用户及组

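# Recreate the postfix/postdrop accounts with fixed UIDs/GIDs.
# Removing pre-existing accounts is best-effort: on a fresh host they do not
# exist yet, and that must not abort the rest of the setup.
sudo userdel postfix || true
sudo groupdel postdrop || true
sudo groupadd -g 2525 postfix
sudo useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
sudo groupadd -g 2526 postdrop
sudo useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

# vmail owns the virtual mailbox tree: no login shell, and -M so useradd does
# not create (and possibly populate) the home directory -- the mail root is
# created explicitly in the next step. The original ran useradd and adduser
# for the same account; the second call fails with "user already exists",
# so a single useradd is used here.
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 -s /sbin/nologin -M -d /opt/tsMail/var/mail vmail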

2. 文件目录权限

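# Mailbox tree for the virtual domains. Dovecot delivers as vmail, so the
# whole tree -- not only /opt/tsMail/var/mail itself -- must belong to vmail.
# The non-recursive chown in the original left vhosts/ (created here by root)
# owned by root.
mkdir -p /opt/tsMail/var/mail/vhosts/otherhill.com
chown -R vmail:vmail /opt/tsMail/var/mail

# Let Postfix apply its own per-directory ownership/mode table first.
postfix -c /opt/tsMail/etc/postfix set-permissions

# The mysql-*.cf files in the config dir carry a database password: remove
# world access, but keep group read for postfix so the unprivileged daemons
# can still open the lookup tables (root:postfix, o-rwx).
chgrp -R postfix /opt/tsMail/etc/postfix
chmod -R o-rwx /opt/tsMail/etc/postfix

chown -R postfix:postfix /opt/tsMail/var/lib/postfix
chown -R postfix:postfix /opt/tsMail/var/spool/postfix/private
chown -R postfix:postdrop /opt/tsMail/var/spool/postfix/public
# NOTE(review): this blanket chown also re-owns spool subdirectories that
# set-permissions had assigned to root; if `postfix check` reports ownership
# problems, rerun set-permissions or drop this line.
chown -R postfix /opt/tsMail/var/spool/postfix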

3. Postfix 配置

/opt/tsMail/etc/postfix/main.cf:  14.225.153.50 为vps服务器所在IP, 改为你自己的公网IP即可.
compatibility_level = 3.6

# FQDN
myhostname = mail.otherhill.com
mydomain = otherhill.com
myorigin = otherhill.com

#这里定义了Postfix按本地方式接收并投递的收件人域名,即Postfix要接收哪些域名的邮件,不在此区域内的都算是中继邮件,如果不加$mydomain的话那么就不允许收本域内邮件。注意: 同一域名不要同时列在mydestination和virtual_mailbox_domains中(Postfix会告警, 且会按本地投递处理, 不经LMTP交给Dovecot); 若otherhill.com已在virtual_domains表中, 这里应去掉$mydomain.
mydestination = $mydomain, localhost, localhost.localdomain

mynetworks = 127.0.0.0/8    [::ffff:127.0.0.0]/104 [::1]/128
#relay_domains = $mydestination
#若设 relayhost=14.225.153.50, 则表示所有外发邮件经14.225.153.50:25中转; 因部分主机商出于反垃圾邮件考虑可能予以禁止、警告或封杀, 所以此处留空, 表示由本机直接收发邮件, 而不经VPS中转.
relayhost =

#smtpd_authorized_xclient_hosts = $mynetworks

#规定邮件最大尺寸为10M
message_size_limit = 10485760 
# 规定收件箱最大容量为1G 
mailbox_size_limit = 1073741824

virtual_mailbox_limit = 1073741824

recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

smtpd_banner = $myhostname ESMTP $mail_name

home_mailbox = Maildir/

#smtp Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

#Postfix can append a domain name (or any other string) to a SASL login name that does not have a domain part, e.g. "john" instead of "john@otherhill.com"
smtpd_sasl_local_domain = otherhill.com

# Postfix can hide the AUTH capability from these clients/networks. The addresses on the next line are the example values from the Postfix manual (192.0.2.0/24 is a documentation-only range); replace them with your real networks or leave the parameter empty.
smtpd_sasl_exceptions_networks = !192.0.2.171/32, 192.0.2.0/24
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous


#Enable TLS Encryption when Postfix receives incoming emails. Note: smtpd_use_tls is the obsolete spelling and is superseded by smtpd_tls_security_level; smtpd_tls_auth_only is also set twice below (the later line wins). "encrypt" here applies to every smtpd listener in master.cf, including the MX port (4144, i.e. 25): remote MTAs that do not offer STARTTLS will be refused, which is why the Postfix TLS_README recommends "may" on the public MX port and "encrypt" only on the submission/smtps listeners.
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
#To offer SASL authentication only after a TLS-encrypted session has been established
smtpd_tls_auth_only = yes
smtpd_tls_security_level = encrypt

smtpd_tls_session_cache_database = btree:/opt/tsMail/var/lib/postfix/smtpd_scache
#24 hours
smtpd_tls_session_cache_timeout = 86400s
smtpd_tls_CAfile= /opt/ssl/otherhill.com/chain.pem
smtpd_tls_cert_file=/opt/ssl/otherhill.com/fullchain.pem
smtpd_tls_key_file=/opt/ssl/otherhill.com/privkey.pem

smtpd_tls_loglevel = 1
smtpd_tls_ask_ccert = yes

smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1


#Enable TLS Encryption when Postfix sends outgoing emails. With smtp_tls_security_level=encrypt, mail to any remote MX that does not offer STARTTLS is deferred and eventually bounced; "may" (opportunistic TLS) is the usual setting for outbound mail to arbitrary domains. smtp_use_tls is the obsolete form and is superseded by smtp_tls_security_level.
smtp_use_tls = yes
smtp_tls_security_level=encrypt
smtp_tls_CAfile=/opt/ssl/otherhill.com/chain.pem
smtp_tls_cert_file=/opt/ssl/otherhill.com/fullchain.pem
smtp_tls_key_file=/opt/ssl/otherhill.com/privkey.pem
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

#Enforce TLSv1.3 or TLSv1.2 (these four lines repeat the protocol settings given earlier in this file; the last occurrence wins, so keep only one copy).
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1


# Restrictions
smtpd_helo_restrictions = permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    check_policy_service inet:127.0.0.1:12340,
    reject_unauth_destination

smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks
        permit_sasl_authenticated,
	reject_unauth_destination


# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
# 增加dovecot对所有在数据库中的virtual domains的支持
virtual_transport = lmtp:unix:private/dovecot-lmtp


# Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/opt/tsMail/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/opt/tsMail/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/opt/tsMail/etc/postfix/mysql-virtual-alias-maps.cf,
        mysql:/opt/tsMail/etc/postfix/mysql-virtual-email2email.cf

virtual_mailbox_base = /opt/tsMail/var/mail/vhosts
# Run `postalias /opt/tsMail/etc/aliases/system` first to build the .db lookup file that the two parameters below point to.
alias_maps     = hash:/opt/tsMail/etc/aliases/system
alias_database = hash:/opt/tsMail/etc/aliases/system

# Even more Restrictions and MTA params

strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h
smtputf8_autodetect_classes = all

# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550

queue_directory      = /opt/tsMail/var/spool/postfix
daemon_directory     = /opt/tsMail/libexec
data_directory       = /opt/tsMail/var/lib/postfix
command_directory    = /opt/tsMail/sbin
shlib_directory      = /opt/tsMail/lib
sendmail_path        = /opt/tsMail/sbin/sendmail
mailq_path           = /opt/tsMail/bin/mailq
mail_spool_directory = /opt/tsMail/var/spool/mail
meta_directory       = /opt/tsMail/etc/postfix
sample_directory     = /opt/tsMail/etc/postfix

smtp_host_lookup = dns

smtputf8_enable = yes


如下所示,标准的SMTP端口,25改为4144, 587 改为 4149, 465 改为 4148, 其用意是, 在VPS上才用这些标准端口, 实际的email server上我们改为其它非标准端口,在vps上做email反代,好处有二:
1. 增加了后端真实email server主机的安全性.
2. 你可以以最小代价,随时换VPS, VPS仅用于流量中转,本身不存储任何数据.
客户端(Outlook, Thunderbird, Hotmail) <---> vps服务器(反向代理) <---> 后端服务器(your real email servers)

/opt/tsMail/etc/postfix/master.cf:
#smtp 25 port, change to 4144
4144      inet  n       -       n       -       -       smtpd

#587 port, change to 4149. Note: unlike the 4148 entry below, this listener's smtpd_recipient_restrictions ends in "permit" and does not override smtpd_relay_restrictions, so unauthenticated clients are still able to submit mail on this port; the stock Postfix master.cf submission example ends the list with "reject" and adds -o smtpd_relay_restrictions=permit_sasl_authenticated,reject.
4149     inet     n    -    n    -    -    smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,permit
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

#smtps 465 port ,change to 4148
4148     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
    ....

dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/opt/tsMail/libexec/dovecot/deliver -f ${sender} -d ${recipient}

如/opt/tsMail/etc/postfix/main.cf中所标:
virtual_mailbox_domains = mysql:/opt/tsMail/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/opt/tsMail/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/opt/tsMail/etc/postfix/mysql-virtual-alias-maps.cf,
        mysql:/opt/tsMail/etc/postfix/mysql-virtual-email2email.cf
我们需要用mysql-virtual-mailbox-domains.cf, mysql-virtual-mailbox-maps.cf, mysql-virtual-alias-maps.cf, mysql-virtual-email2email.cf 这些文件,来指引Postfix, 查找电邮的域名,邮箱帐户,以及帐户别名的配置.
/opt/tsMail/etc/postfix/mysql-virtual-mailbox-domains.cf:
user = root
password = your_mysql_password
dbname = ts_mail
hosts = 127.0.0.1
query = SELECT name FROM virtual_domains WHERE name='%s'

/opt/tsMail/etc/postfix/mysql-virtual-mailbox-maps.cf:
user = root
password = your_mysql_password
dbname = ts_mail
hosts = 127.0.0.1
query = SELECT 1 FROM virtual_users WHERE email='%s'

/opt/tsMail/etc/postfix/mysql-virtual-alias-maps.cf:
user = root
password = your_mysql_password
dbname = ts_mail
hosts = 127.0.0.1
query = SELECT destination FROM virtual_aliases WHERE source='%s'


/opt/tsMail/etc/postfix/mysql-virtual-email2email.cf:
user = root
password = your_mysql_password
dbname = ts_mail
hosts = 127.0.0.1
query = SELECT email FROM virtual_users WHERE email='%s'

这些文件内容,浅显易懂,就是告诉Postfix如何通过mysql数据库,来读取各种email的配置.所以接下来,就是建立mysql,设置管理员帐户密码,新建ts_mail数据库及相应的数据表. 提醒: 以上示例都用root帐户连库, 生产环境应为Postfix/Dovecot单独建一个只有SELECT权限的MySQL帐户, 并把这些含明文密码的.cf文件权限设为root:postfix 0640.

4.  常用命令行

# Make the self-built Postfix tree under /opt/tsMail resolvable: its shared
# libraries, then its bin/sbin ahead of the system PATH.
LD_LIBRARY_PATH=/opt/tsMail/lib64:/opt/tsMail/lib
PATH=/opt/tsMail/bin:/opt/tsMail/sbin:$PATH
export LD_LIBRARY_PATH PATH

1. 查看postfix 的当前配置:
# Show only settings that differ from the built-in defaults (-n); -c points
# at this instance's config dir instead of the default /etc/postfix.
postconf  -c /opt/tsMail/etc/postfix -n 

2. 查看postfix 的版本:
[root@localhost log]# postconf -c /opt/tsMail/etc/postfix mail_version
mail_version = 3.6.2

3.启动与停止
# Every command carries -c so it acts on the /opt/tsMail instance rather
# than the default /etc/postfix configuration.
postfix -c /opt/tsMail/etc/postfix  start
postfix -c /opt/tsMail/etc/postfix  status
# reload re-reads main.cf/master.cf; use it after editing configuration.
postfix -c /opt/tsMail/etc/postfix reload
postfix -c /opt/tsMail/etc/postfix stop

4.显示日志:
# Follow the mail log; /var/log/maillog is the RHEL-family default, other
# distributions and syslog setups may write elsewhere.
sudo tail -f /var/log/maillog

5.显示队列中的邮件
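# List the deferred/active queue. -c is needed here as for the other commands:
# without it postqueue consults /etc/postfix, not this instance's queue.
postqueue -c /opt/tsMail/etc/postfix -p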

6.删除邮件
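# Delete queued mail. -d ALL discards every queued message irreversibly, so
# prefer the single-ID form; -c keeps both acting on this instance's queue.
postsuper -c /opt/tsMail/etc/postfix -d ALL
postsuper -c /opt/tsMail/etc/postfix -d <mailID>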

7.  刷新队列
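# Attempt immediate delivery of all queued mail. The original omitted -c,
# which makes postfix operate on /etc/postfix instead of this instance.
postfix -c /opt/tsMail/etc/postfix flush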

8.查询postfix打开的端口
# Listening TCP sockets held by the postfix master process; should show the
# 4144/4149/4148 inet listeners defined in master.cf.
ss -lnpt | grep master

9.查看email日志
# Same as item 4 above: follow the mail log.
sudo tail -f /var/log/maillog







