Postfix mail service basic configuration [LinuxCast video tutorial]
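This is the second article in our series on setting up and configuring a mail server. In this article, we will show you how to install and configure Postfix and Dovecot, the two main components of our mail system.
Postfix is an open-source mail transfer agent (MTA), a service used to send and receive emails. Dovecot is an IMAP/POP3 server, and in our setup it will also handle local delivery and user authentication.
This tutorial was written for Ubuntu 16.04, but the same steps, with small modifications, should work on any newer version of Ubuntu.
Prerequisites
Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges.
Install Postfix and Dovecot
The Dovecot packages in the Ubuntu default repositories are outdated. To take advantage of the imap_sieve module, we will install Dovecot from the Dovecot community repository.
Use the following wget command to add the repository GPG key to the apt sources keyring: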
wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
Enable the Dovecot community repository with the following command:
echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
sudo apt update
sudo debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
sudo debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
sudo apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql
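Postfix configuration
We will set up Postfix to use virtual mailboxes and domains.
Start by creating the sql configuration files, which instruct Postfix how to access the MySQL database created in the first part of this series.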
sudo mkdir -p /etc/postfix/sql
Open your text editor and create the following files:
/etc/postfix/sql/mysql_virtual_domains_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
/etc/postfix/sql/mysql_virtual_alias_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias, alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias, alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox, alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
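Once the SQL configuration files are created, update the main Postfix configuration file to include information about the virtual domains, users and aliases stored in the MySQL database.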
sudo postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
sudo postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
sudo postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
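The postconf command displays the actual values of configuration parameters, changes configuration parameter values, or displays other configuration information about the Postfix mail system.
The local delivery agent delivers incoming emails to the users' mailboxes. Run the following command to set Dovecot's LMTP service as the default mail delivery transport: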
sudo postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
Set the TLS parameters using the previously generated Let's Encrypt SSL certificate:
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.linuxize.com/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.linuxize.com/privkey.pem'
Configure the authenticated SMTP settings and hand off authentication to Dovecot:
sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination'
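We also need to edit the Postfix master configuration file master.cf and enable the submission port (587) and the smtps port (465).
Open the file with your text editor and uncomment/edit the following lines: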
/etc/postfix/master.cf
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
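In master.cf an -o value must not contain whitespace: a space after the comma in smtpd_client_restrictions splits the value, so reject is no longer part of the restriction list. The check below is an added example, not part of the original tutorial; it lints the submission and smtps entries for the settings shown above, and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the submission/smtps entries of a Postfix master.cf.
# Prints one finding per line; no output means both entries look as intended.
audit_master_cf() {
  awk '
    function need(name, want) {
      if (opt[name] != want)
        printf "%s: want %s=%s, found \"%s\"\n", svc, name, want, opt[name]
    }
    function check(   n, i, t, kv, eq, cr) {
      n = split(entry, t, /[ \t]+/); svc = t[1]
      if (svc != "submission" && svc != "smtps") return
      split("", opt)                        # clear the option table
      for (i = 9; i <= n; i++) {            # fields 1-8 define the service
        if (t[i] == "-o" && i < n) {        # short form only: -o name=value
          kv = t[++i]; eq = index(kv, "=")
          opt[substr(kv, 1, eq - 1)] = substr(kv, eq + 1)
        } else if (t[i] !~ /^-/)
          printf "%s: stray argument \"%s\" (whitespace in an -o value?)\n", svc, t[i]
      }
      need("smtpd_sasl_auth_enable", "yes")
      if (svc == "submission") need("smtpd_tls_security_level", "encrypt")
      else need("smtpd_tls_wrappermode", "yes")
      cr = opt["smtpd_client_restrictions"]
      if (cr != "reject" && cr !~ /,reject$/)
        printf "%s: smtpd_client_restrictions does not end in reject: \"%s\"\n", svc, cr
    }
    { sub(/[ \t\r]+$/, "") }                # drop trailing whitespace
    /^[ \t]*#/ || /^$/ { next }             # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next } # continuation of the current entry
    { if (entry != "") check(); entry = $0 }
    END { if (entry != "") check() }
  ' "$1"
}

# Constructed sample: submission has a space after the comma, smtps does not.
sample_master_cf() {
  cat <<'EOF'
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated, reject
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
}
tmp=$(mktemp) && sample_master_cf > "$tmp" && audit_master_cf "$tmp"; rm -f "$tmp"
```

On the server, run audit_master_cf /etc/postfix/master.cf before restarting Postfix; the long form -o { name = value } is not parsed by this check.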
Restart the Postfix service for the changes to take effect.
sudo systemctl restart postfix
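At this point, you have successfully configured the Postfix service.
Configure Dovecot
In this section, we will configure Dovecot to match our setup. Make sure to edit the lines highlighted in yellow.
Start by configuring the dovecot-sql.conf.ext file, which instructs Dovecot how to access the database and how to find the information about email accounts.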
driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
default_pass_scheme = MD5-CRYPT
iterate_query = SELECT username AS user FROM mailbox
user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, \
  CONCAT('maildir:/var/mail/vmail/', maildir) AS mail, \
  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = 1
password_query = SELECT username AS user, password FROM mailbox \
  WHERE username = '%u' AND active='1'
Do not forget to use the correct MySQL credentials (dbname, user name and password).
Next, open the conf.d/10-mail.conf file and edit the following variables:
…
mail_location = maildir:/var/mail/vmail/%d/%n
…
mail_uid = vmail
mail_gid = vmail
…
first_valid_uid = 5000
last_valid_uid = 5000
…
mail_privileged_group = vmail
…
mail_plugins = quota
…
For authentication to work, open conf.d/10-auth.conf, edit the following lines and include the auth-sql.conf.ext file:
…
disable_plaintext_auth = yes
…
auth_mechanisms = plain login
…
#!include auth-system.conf.ext
!include auth-sql.conf.ext
…
Open the conf.d/10-master.conf file and modify it as follows:
…
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
…
}
…
service auth {
…
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
…
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
…
}
…
service auth-worker {
  user = vmail
}
…
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
…
Open conf.d/10-ssl.conf and enable SSL/TLS.
…
ssl = yes
…
ssl_cert =
Make sure you use the correct path to the SSL certificate files. If you have followed this series from the beginning, you should already have the fullchain.pem, privkey.pem, dhparam.pem files created on your server. For more information about how to create a free Let's Encrypt SSL certificate and Diffie–Hellman key check this tutorial.
Thanks to Nevyn for noticing the problem and providing a solution.
Open the conf.d/20-imap.conf file and activate the imap_quota plugin:
…
protocol imap {
…
  mail_plugins = $mail_plugins imap_quota
…
}
…
Open the conf.d/20-lmtp.conf file and edit it as follows:
…
protocol lmtp {
  postmaster_address = [email protected]
  mail_plugins = $mail_plugins
}
…
Define the default mailboxes in the conf.d/20-lmtp.conf file:
…
mailbox Drafts {
  special_use = \Drafts
}
mailbox Spam {
  special_use = \Junk
  auto = subscribe
}
mailbox Junk {
  special_use = \Junk
}
…
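There are two different types of quota sizes: one is set for the whole domain and the other per user mailbox. In the previous part of this series, we enabled quota support in PostfixAdmin, which means the quota information is stored in the PostfixAdmin database.
Now we need to configure Dovecot to connect to the database, handle the quota limits, and run a script that sends mail to the user when the user's quota exceeds a specified limit. To do so, open the conf.d/90-quota.conf file and modify it as follows: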
plugin {
  quota = dict:User quota::proxy::sqlquota
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
  quota_exceeded_message = Quota exceeded, please contact your system administrator.
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
We also need to tell Dovecot how to access the quota SQL dictionary. Open the dovecot-dict-sql.conf.ext file and edit the following lines:
…
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
…
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
…
# map {
#   pattern = shared/expire/$user/$mailbox
#   table = expires
#   value_field = expire_stamp
#
#   fields {
#     username = $user
#     mailbox = $mailbox
#   }
# }
…
Make sure you use the correct MySQL credentials (dbname, user name and password).
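The lookup files under /etc/postfix/sql and the two Dovecot SQL files all hold the database password in clear text, and a file created from an editor under the default umask of 022 is readable by every local account. The script below is an added example, not part of the original tutorial; the function names and demo files are constructed, and the group passed to restrict_file is an assumption to adapt per service.

```shell
#!/bin/sh
# Added example: find configuration files that embed the database password and
# are readable by every local account, then restrict them.

# list_exposed PATH... prints each world-readable file holding a password in
# either format used on this page: Postfix "password = ..." or Dovecot
# "connect = ... password=...".
list_exposed() {
  re='^[[:space:]]*(password[[:space:]]*=|connect[[:space:]]*=.*password=)'
  find "$@" -type f -perm -004 | while IFS= read -r f; do
    if grep -qE "$re" "$f"; then printf '%s\n' "$f"; fi
  done
}

# restrict_file GROUP FILE leaves the file readable by its owner and GROUP only.
restrict_file() {
  chgrp "$1" "$2" && chmod 0640 "$2"
}

# Constructed demo tree standing in for /etc/postfix/sql and /etc/dovecot.
demo=$(mktemp -d)
printf 'user = postfixadmin\npassword = example-only\n' > "$demo/mysql_virtual_domains_maps.cf"
printf 'connect = host=127.0.0.1 dbname=postfixadmin password=example-only\n' > "$demo/dovecot-sql.conf.ext"
printf 'mail_plugins = quota\n' > "$demo/10-mail.conf"
chmod 0644 "$demo"/*

list_exposed "$demo"                       # the two files that hold a password
# The caller's own group stands in for the service group (e.g. postfix) here.
list_exposed "$demo" | while IFS= read -r f; do restrict_file "$(id -gn)" "$f"; done
list_exposed "$demo"                       # nothing left to report
rm -rf "$demo"
```

On the server, run list_exposed /etc/postfix/sql /etc/dovecot as root and confirm which group each service needs before changing modes.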
Create the following shell script, which sends an email to a user whose quota exceeds a specified limit:
/usr/local/bin/quota-warning.sh
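#!/bin/sh
# Arguments supplied by the quota_warning settings: percentage and user.
PERCENT=$1
USER=$2
# Deliver the warning with quota enforcement disabled (noenforcing).
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=dict:User quota::noenforcing:proxy::sqlquota"
From: [email protected]
Subject: Quota warning

Your mailbox is now $PERCENT% full.
EOF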
Make the script executable by running the following chmod command:
sudo chmod +x /usr/local/bin/quota-warning.sh
Finally, restart the Dovecot service for the changes to take effect.
sudo systemctl restart dovecot
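Conclusion
By now you should have a fully functional mail system. In the next part of this series, we will show you how to install and integrate Rspamd.
This article is part of the "Setting up and configuring a mail server" series.
Other articles in this series:
• Set up a mail server with PostfixAdmin
• Install and configure Postfix and Dovecot
• Install and integrate Rspamd
• Install and configure Roundcube Webmail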






