Preparation
1. A public server whose provider does not restrict sending and receiving mail, i.e. ports 25, 110, 143, 465, 587, 993 and 995 are not blocked; if there is a firewall or security group, open these ports
2. A domain name, preferably a com/cn/org domain
3. ICP filing (备案) for the domain (not required if the server is located outside China)
I. Configure DNS records
1. Log in to Alibaba Cloud and open Cloud DNS (云解析DNS)
Select the domain, e.g. abc.com
① Add an MX record
- Record type: MX
- Host record: @
- Record value: mail.abc.com
- MX priority: 1
② Add an A record
- Record type: A
- Host record: mail
- Record value: the server's IP address
- TTL: 10 minutes
③ Add an SPF record
- Record type: TXT
- Host record: @
- Record value: v=spf1 mx:mail.abc.com ip4:<server IP> -all
- TTL: 10 minutes
When finished, the records should look like the figure below.
2. Install and configure Postfix
```bash
sudo apt-get update
sudo apt install -y postfix
```
During installation a selection menu appears; choose 1 (No configuration) for now and configure it separately in the next step.
After installation, run the following command to configure Postfix:
```bash
sudo dpkg-reconfigure postfix
```
The configuration screen appears; select Internet Site, then enter or select the following values in turn:
- mail.abc.com
- steve
- mail.abc.com, abc.com, localhost.localdomain, localhost
- no
- 127.0.0.0/8
- 0
- +
- ipv4
Configure the mailbox directory:
```bash
sudo postconf -e 'home_mailbox = Maildir/'
```
Configure Postfix SMTP-AUTH with SASL (Dovecot SASL) by running these commands at the terminal prompt:
```bash
sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain = $myhostname'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous,noplaintext'
sudo postconf -e 'smtpd_sasl_tls_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
```
Configure TLS (using a self-signed certificate)
```
[root@mail ~]# cd
# generate the private key
[root@mail ~]# openssl genrsa -des3 -out server.key 2048
Enter pass phrase:              # enter a passphrase
Verifying - Enter pass phrase:  # repeat the passphrase
# the next step removes the passphrase from server.key
[root@mail ~]# openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:  # enter the passphrase set above
writing RSA key
# rename the key files
[root@mail ~]# mv server.key server.key.secure
[root@mail ~]# mv server.key.insecure server.key
# generate the CSR (certificate signing request)
[root@mail ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:  # enter the passphrase set above
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN                        # country code
State or Province Name (full name) []:Beijing               # province
Locality Name (eg, city) [Default City]:Beijing             # city
Organization Name (eg, company) [Default Company Ltd]:OPS   # company name
Organizational Unit Name (eg, section) []:OPS               # department
Common Name (eg, your name or your server's hostname) []:mail.abc.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:       # just press Enter
An optional company name []:   # just press Enter
# generate the self-signed certificate
[root@mail ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Enter pass phrase for server.key:  # just press Enter
Certificate request self-signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = OPS, OU = OPS, CN = mail.abc.com, emailAddress = [email protected]
Getting Private key
# set permissions
[root@mail ~]# chmod 400 server.*
```
Finally copy the certificate and key into the system certificate directories:
```bash
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
```
With the certificate in place, configure Postfix by running these commands at the terminal prompt:
```bash
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_auth_only = yes'
```
Finally check the configuration with `vim /etc/postfix/main.cf`; the end of the file should look like this:
```
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_security_level = may
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.abc.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.abc.com, abc.com, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes
```
Configure SMTPS ==> `vim /etc/postfix/master.cf`
Uncomment the smtps section:
```
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
```
3. Install and configure Dovecot
```bash
sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d
```
After installation, edit the configuration:
```bash
vim /etc/dovecot/conf.d/10-auth.conf
```
Change `auth_mechanisms = plain` to `auth_mechanisms = plain login`
Edit `vim /etc/dovecot/conf.d/10-master.conf` so that it reads as follows:
```
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user =
    #group =
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
```
Edit `vim /etc/dovecot/dovecot.conf`:
```
listen = *, ::
#!include conf.d/*.conf
!include conf.d/10-auth.conf
!include conf.d/10-master.conf
ssl = no
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
```
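To confirm that the Postfix main.cf above really closes the relay and forces SMTP AUTH onto TLS, and to make explicit what the dovecot.conf above does, here is an added Python linter (example code, not from the original post). It parses the two configurations as constructed, trimmed copies of the page's snippets and flags an open relay, SMTP AUTH before STARTTLS, and the `ssl = no` plus `disable_plaintext_auth = no` combination, under which POP3/IMAP passwords travel unencrypted on ports 110 and 143.

```python
"""Lint the security-relevant settings from this guide's Postfix main.cf and
Dovecot dovecot.conf. Both texts are constructed, trimmed copies of the page's snippets."""
import re

POSTFIX_MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = yes
"""
DOVECOT_CONF = """\
ssl = no
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
"""

def parse_kv(text):
    """Parse 'key = value' lines (Postfix and Dovecot share this shape); drop comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def tokens(value):
    """Split a Postfix list value, which may be comma- and/or space-separated."""
    return [t for t in re.split(r"[,\s]+", value) if t]

def lint_postfix(text):
    """Return findings for the relay and SMTP-AUTH settings this guide sets."""
    conf, findings = parse_kv(text), []
    rules = tokens(conf.get("smtpd_recipient_restrictions", "")) + tokens(conf.get("smtpd_relay_restrictions", ""))
    # Without an *_unauth_destination rule any client may relay through the server.
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(rules):
        findings.append("open relay: no *_unauth_destination rule")
    if conf.get("smtpd_tls_auth_only") != "yes":
        findings.append("SMTP AUTH accepted before STARTTLS")
    if "noplaintext" not in tokens(conf.get("smtpd_sasl_security_options", "")):
        findings.append("plaintext SASL mechanisms allowed on unencrypted sessions")
    return findings

def lint_dovecot(text):
    """Flag the combination that lets POP3/IMAP passwords cross the network in the clear."""
    conf = parse_kv(text)
    if conf.get("ssl", "yes") == "no" and conf.get("disable_plaintext_auth", "yes") == "no":
        return ["POP3/IMAP passwords cross the network unencrypted on 110/143"]
    return []
```

On a live host the same functions can be fed the output of `postconf -n` and `doveconf -n`, which print the effective settings in this key = value shape.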
4. Start the mail services and add mailbox users
```bash
sudo systemctl start postfix
sudo systemctl start dovecot
# restart commands:
sudo systemctl restart postfix
sudo systemctl restart dovecot
```
```bash
#====== create a mailbox user ======
sudo useradd -m <username>
sudo passwd <username>   # enter the password, then confirm it
#====== verify the account ======
sudo doveadm auth test <username>
```
5. Install mailutils and test sending
```bash
sudo apt install -y mailutils
#====== test sending ======
echo '搭建邮件服务器成功啦!!!' | mail -s '通知!' [email protected]
```
6. Install the system logger
```bash
sudo yum install -y rsyslog
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
```
To follow the mail service log afterwards:
```bash
sudo tail -f /var/log/maillog
```
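Once ports 25 and 465 are reachable from the internet, the log the guide tails is where failed SMTP AUTH attempts show up. As an added example (not part of the original post), this Python script counts failed SASL logins per client IP in Postfix's standard smtpd log format; the sample lines are constructed. On Ubuntu, rsyslog writes this log to /var/log/mail.log rather than /var/log/maillog.

```python
"""Count failed SMTP AUTH attempts per client in the mail log that rsyslog writes.
The lines below are constructed samples in Postfix's standard smtpd log format."""
import re
from collections import Counter

SAMPLE_LOG = """\
Aug 07 10:01:02 mail postfix/smtps/smtpd[2201]: connect from unknown[203.0.113.5]
Aug 07 10:01:03 mail postfix/smtps/smtpd[2201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Aug 07 10:01:04 mail postfix/smtps/smtpd[2201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Aug 07 10:01:05 mail postfix/smtps/smtpd[2201]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Aug 07 10:02:00 mail postfix/smtps/smtpd[2205]: connect from home.example.net[198.51.100.7]
Aug 07 10:02:01 mail postfix/smtps/smtpd[2205]: warning: home.example.net[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Aug 07 10:02:09 mail postfix/smtps/smtpd[2205]: 4BX1Z2Q3: client=home.example.net[198.51.100.7], sasl_method=LOGIN, sasl_username=steve
"""

# Matches the warning smtpd logs for each rejected SASL login (service, client, mechanism).
AUTH_FAIL = re.compile(
    r"postfix/(?P<service>[\w/]+)\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"SASL (?P<mech>\w+) authentication failed"
)

def failed_auth_by_client(log_text):
    """Return a Counter of failed SASL authentications keyed by client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = AUTH_FAIL.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def flag_brute_force(log_text, threshold=3):
    """Return the client IPs whose failure count reaches the threshold, sorted."""
    return sorted(ip for ip, n in failed_auth_by_client(log_text).items() if n >= threshold)

if __name__ == "__main__":
    for ip, n in failed_auth_by_client(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} failed SASL logins")
    print("over threshold:", flag_brute_force(SAMPLE_LOG))
```

A single user mistyping a password once (198.51.100.7 above) stays below the threshold, while a client that fails repeatedly across mechanisms is reported.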
II. Send and receive mail with Foxmail
① The Windows 10 version of Foxmail crashes right after a new account is created, so first set the following:
Find the Foxmail shortcut, right-click it and choose Properties.
Open the Compatibility tab, tick "Run this program as an administrator" at the bottom, and click OK.
② Open Foxmail: New account => Other mailbox => Manual setup => POP3
Mail account: account@abc.com
Password: xxxxxx
POP server: mail.abc.com, SSL 110 (leave SSL unticked; if you want to tick it and use port 995, you need to configure Dovecot's SSL settings, which you can research yourself)
SMTP server: mail.abc.com, SSL 465 (ticked)
Note: although the sending service (SMTP) uses SSL on port 465, testing shows that port 25 still has to be open, otherwise mail from outside cannot be received.
Reference: https://ubuntu.com/server/docs/install-and-configure-postfix#smtps
Tags: tls, mail, postfix, sudo, server, Ubuntu, key, smtpd, dovecot
Source: https://www.cnblogs.com/007sx/p/18347813