一、系统环境要求
操作系统:centos 7 X64
二、关闭sendmail
1、/bin/systemctl stop sendmail.service
2、chkconfig sendmail off(关闭开机自启动)
三、安装postfix、dovecot
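# postfix: SMTP server; dovecot: IMAP/POP3 server.
# cyrus-sasl provides the saslauthd daemon that this guide configures and starts
# later, and cyrus-sasl-plain provides the PLAIN/LOGIN mechanisms. Installing
# them here means those steps do not depend on what the base image ships.
yum -y install postfix dovecot cyrus-sasl cyrus-sasl-plain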
四、修改/etc/postfix/main.cf,内容如下:
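# Postfix main.cf for a single-domain mail host (shushujia.net): local delivery
# to Maildir, with SASL authentication enabled for SMTP clients.
# Syntax reminders: a comment must sit on its own line starting with "#" (text
# after a value is read as part of the value), and a line that starts with
# whitespace continues the previous line.

# Installation layout.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix

# Identity of this host and the domain appended to locally posted mail.
myhostname = mail.shushujia.net
mydomain = shushujia.net
myorigin = $mydomain

# Listen on every interface, IPv4 and IPv6.
inet_interfaces = all
inet_protocols = all

# Domains delivered locally; unknown local recipients get a permanent 550.
mydestination = shushujia.net
unknown_local_recipient_reject_code = 550
# NOTE(review): shushujia.net is also listed in mydestination. Postfix logs a
# warning when a domain appears in both lists, and local delivery only needs
# mydestination. Confirm whether this line is needed at all.
relay_domains = shushujia.net

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# Deliver into ~/Maildir/ (the trailing slash selects maildir format). This
# matches mail_location in the Dovecot configuration of this guide.
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail

debug_peer_level = 2
# The two indented lines below are continuations of debugger_command. Without
# the leading whitespace Postfix would parse them as separate entries.
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

# SMTP AUTH.
smtpd_sasl_auth_enable = yes
# Left empty on purpose: main.cf does not interpret shell-style quotes, so the
# former value '' would have been taken as a literal two-character realm.
smtpd_sasl_local_domain =
# Relay only for trusted networks and authenticated clients; everyone else may
# only send to domains this server is responsible for.
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated
# Forbids anonymous logins only; plaintext mechanisms stay allowed.
smtpd_sasl_security_options = noanonymous
# NOTE(review): no smtpd_tls_* settings are present, so AUTH credentials cross
# the network unencrypted. A hardened setup adds a certificate and refuses AUTH
# outside TLS, for example (paths are placeholders):
#   smtpd_tls_cert_file = /path/to/CERT_PLACEHOLDER.pem
#   smtpd_tls_key_file = /path/to/KEY_PLACEHOLDER.pem
#   smtpd_tls_security_level = may
#   smtpd_tls_auth_only = yes

# Clients in these networks may relay without authenticating. Replace the first
# entry with this host's own public IP address and keep the list as narrow as
# possible.
mynetworks = 114.215.137.209,127.0.0.0/8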
五、修改dovecot配置文件如下:
1、/etc/dovecot/dovecot.conf
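# /etc/dovecot/dovecot.conf: main Dovecot configuration.
# Serve IMAP, POP3 and LMTP.
protocols = imap pop3 lmtp
# "*" listens on every IPv4 address.
listen = *
base_dir = /var/run/dovecot/
# This line used to set login_trusted_networks to 0.0.0.0/0. Hosts in that list
# are exempt from disable_plaintext_auth and may override the client IP that
# Dovecot logs and checks, so listing every address extends that trust to the
# whole Internet. It is now left at its default (empty). If a webmail or proxy
# host needs the exemption, list only that host, e.g.
#   login_trusted_networks = PROXY_IP_PLACEHOLDER
# Remote clients then need TLS for password logins unless disable_plaintext_auth
# is switched off elsewhere. Check the ssl settings pulled in from conf.d.
#login_trusted_networks = 0.0.0.0/0
log_path = /var/log/dovecot.log
dict {
}
# Per-topic settings live in conf.d; local.conf is optional.
!include conf.d/*.conf
!include_try local.conf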
2、/etc/dovecot/conf.d/10-mail.conf
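# /etc/dovecot/conf.d/10-mail.conf: where and how mailboxes are stored.
# Maildir under each user's home directory, the same place Postfix delivers to
# when home_mailbox = Maildir/.
mail_location = maildir:~/Maildir
# Locking method for mbox files. It was listed twice; one entry is enough.
mbox_write_locks = fcntl
# Mark this namespace as the one containing INBOX.
namespace inbox {
  inbox = yes
}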
六、修改/etc/pam.d/dovecot,支持系统用户认证
#%PAM-1.0
# PAM stack for the "dovecot" service, so mail logins are checked against
# system accounts.
# pam_nologin.so is evaluated first in the auth phase.
auth required pam_nologin.so
# Pull in the distribution's shared password-auth stack for each phase.
auth include password-auth
account include password-auth
session include password-auth
# NOTE(review): system-auth is included in addition to password-auth, so each
# phase runs two shared stacks that are probably near-identical on a stock
# system. One of them is likely enough. Confirm on the target host before
# trimming, because lockout or fail-count modules could otherwise be evaluated
# twice per login.
auth include system-auth
account include system-auth
session include system-auth
七、修改/etc/sysconfig/saslauthd如下:
# Settings for the saslauthd service.
# Directory in which saslauthd creates its communication socket.
SOCKETDIR=/run/saslauthd
# Authentication backend. "shadow" checks passwords against the local shadow
# password database, i.e. system accounts.
MECH=shadow
# Extra command-line flags for saslauthd; none are set.
FLAGS=
八、启动postfix,dovecot,saslauthd
# Start the three mail services in the original order: Postfix (SMTP),
# Dovecot (IMAP/POP3), then saslauthd (SASL password checks).
# "start" affects only the running system; it does not enable the units at boot.
for unit in postfix.service dovecot.service saslauthd.service; do
  /bin/systemctl start "$unit"
done
九、防火墙开放端口110,25,143
# Accept inbound TCP on SMTP (25), POP3 (110) and IMAP (143), in that order.
# -A appends to the end of INPUT, so an earlier rule that already rejects the
# traffic still takes precedence. The rules exist only in the running kernel
# until they are saved. 110 and 143 are the cleartext POP3/IMAP ports.
for port in 25 110 143; do
  iptables -A INPUT -p tcp -m tcp --dport "$port" -j ACCEPT
done
十、创建邮箱用户
由于用户服务器支持认证系统用户,因此直接创建系统用户即可
创建用户:useradd username -s /sbin/nologin(禁用远程登录权限)
用户授权:echo "password" | passwd --stdin username(这种写法会把明文密码留在 shell 历史记录中,也可以执行 passwd username 交互式设置密码)
十一、域名邮件记录解析
登录域名提供商网站,添加域名MX记录、A记录、TXT记录