CentOS7,可以通过hostnamectl set-hostname hostname命令设置hostname,并且修改hosts文件.这里域名是sijibao.info.
hostnamectl set-hostname mail.sijibao.info
vi /etc/sysconfig/selinux
SELINUX=enforcing 改为 SELINUX=disabled
为什么要设置hostname呢?因为一般情况下,Postfix在与其他的SMTP服务器进行通信的时候,会使用hostname来表名自己的身份.
主机名有两种形式,单名字与FQDN(Fully Qualified Domain Name).如果SMTP服务器不是用FQDN来表明身份,则有可能会被拒收.
修改防火墙开发相应的端口,分别是25, 465, 587, 110, 995, 143, 993.
firewall-cmd --zone=public --add-port=25/tcp --permanent
firewall-cmd --zone=public --add-port=465/tcp --permanent
firewall-cmd --zone=public --add-port=587/tcp --permanent
firewall-cmd --zone=public --add-port=110/tcp --permanent
firewall-cmd --zone=public --add-port=995/tcp --permanent
firewall-cmd --zone=public --add-port=145/tcp --permanent
firewall-cmd --zone=public --add-port=993/tcp --permanent
将mail.ewomail.cn 改成你的域名
红色部分请改为你的服务器IP
我们创建一个新的用户组以及用户,用来处理邮件.所有的虚拟邮箱,都会存在这个用户的home目录下
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
yum update -y.
把系统的一些组件更新到最新,然后需要修改一些CentOS的源设置.
因为CentOS默认源里面的Postfix默认是不能和MariaDB协同工作的,因而我们需要安装扩展源里面的Postfix.
修改: /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
exclude=postfix
#released updates
[updates]
name=CentOS-$releasever - Updates
exclude=postfix
修改完毕以后,我们让扩展源生效,并且安装我们所需要的应用以及服务.
yum --enablerepo=centosplus install postfix
yum install dovecot mariadb-server dovecot-mysql
创建mail数据库用以处理邮件相关的业务.并且创建邮件管理员.
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mys123456';
FLUSH PRIVILEGES;
mail数据库中一共有3个表,分别是虚拟域名, 用户信息, 邮件转发.
#创建mail数据库
create database mail;
CREATE TABLE `domains` (
`id` int(11) NOT NULL auto_increment,
`name` varchar(50) NOT NULL,
PRIMARY KEY (`id`)
);
CREATE TABLE `users` (
`id` int(11) NOT NULL auto_increment,
`domain_id` int(11) NOT NULL,
`password` varchar(106) NOT NULL,
`email` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`),
FOREIGN KEY (domain_id) REFERENCES domains(id) ON DELETE CASCADE
);
CREATE TABLE `aliases` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES domains(id) ON DELETE CASCADE
);
在虚拟域名表中插入域名
INSERT INTO `mail`.`domains`
(`id` ,`name`)
VALUES
('1', 'sijibao.info'),
('2', 'localhost.sijibao.info');
在用户 信息表中插入用户
INSERT INTO `mail`.`users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('123123'), '[email protected]'),
('2', '1', ENCRYPT('123123'), '[email protected]');
设置别名
INSERT INTO `mail`.`aliases`
(`id`, `domain_id`, `source`, `destination`)
VALUES
('1', '1', '[email protected]', '[email protected]'),
('2', '1', '[email protected]', '[email protected]');
检查是否有数据
SELECT * FROM mail.domains;
SELECT * FROM mail.users;
SELECT * FROM mail.aliases;
master: /etc/postfix/master.cf (主进程的配置文件)
mail: /etc/postfix/main.cf (功能性配置文件)
表示方法:参数 = 值 (参数定格写在行首,以空白开头的行认为是上一行的延续)
先备份源文件
cp /etc/postfix/main.cf /etc/postfix/main.cf.org
更改配置(默认的不用动)
vi /etc/postfix/main.cf
myhostname = mail.sijibao.info
mydestination = localhost, localhost.localdomain
mynetworks = 127.0.0.0/8
inet_interfaces = all
message_size_limit = 30720000
relayhost =
alias_maps = hash:/etc/aliases
#加密
smtp_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
virtual_transport = dovecot
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf
mydomain参数是指email服务器的域名,请确保为正式域名(如sijibao.info)
myhostname参数是指系统的主机名称(如我的服务器主机名称是mail.sijibao.info)
myorigin参数指定本地发送邮件中来源和传递显示的域名。
myorigin = $mydomain 设置由本机寄出的邮件所使用的域名或主机名称
mynetworks参数指定受信任SMTP的列表,具体的说,受信任的SMTP客户端允许通过Postfix传递邮件。0.0.0.0/0 #配置这一项使用用户可在任意地发送邮件
mydestination参数指定哪些邮件地址允许在本地发送邮件。这是一组被信任的允许通过服务器发送或传递邮件的IP地址。
用户试图通过发送从此处未列出的IP地址的原始服务器的邮件将被拒绝。
inet_interfaces参数设置网络接口以便Postfix能接收到邮件。
relay_domains:该参数是系统传递邮件的目的域名列表。如果留空,我们保证了我们的邮件服务器不对不信任的网络开放。
home_mailbox:该参数设置邮箱路径与用户目录有关,也可以指定要使用的邮箱风格。
message_size_limit = 52428800 ###限制附件大小
mailbox_size_limit = 209715200 ###容量大小
注意:默认postfix从mydestination和virtual_mailbox_domains两个参数来确定postfix需要接收哪些域的邮件。
如果接收的邮件域与mydestination匹配,则使用系统帐号处理邮件;
如果接收的邮件域与virtual_mailbox_domains匹配则使用虚拟帐号处理邮件。
alias_maps = hash:/etc/aliases 在具有NIS的系统上,缺省值是搜索本地别名数据库,然后搜索NIS别名数据库。
不设置会有 warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem 你希望使用自己的SSL证书,私钥路径,则把/etc/pki/dovecot/private/dovecot.pem替换成你的证书路径.
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem 你希望使用自己的SSL证书,公钥路径,则把/etc/pki/dovecot/certs/dovecot.pem替换成你的证书路径.
smtpd_sasl_auth_enable = yes //使用SMTP认证
smtpd_sasl_security_options = noanonymous //取消匿名登陆方式
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination //设定邮件中有关收件人部分的限制
smtpd_sasl_type = dovecot smtp使用dovecot验证
smtpd_use_tls=yes 向远程SMTP客户端宣布STARTTLS支持,但不要求客户端使用TLS加密
smtpd_tls_auth_only = yes 当Postfix SMTP服务器中的TLS加密是可选的时,请勿通过未加密的连接通告或接受SASL认证。
virtual_transport = dovecot 以dovecot 默认邮件传递传输和下一跳的目标
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf /读取数据库虚拟域
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf 查询包含与$ virtual_mailbox_domains匹配的域中的所有有效地址。
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-virtual-email2email.cf
用于将特定邮件地址或域别名混合到其他本地或远程地址
创建虚拟域名配置
vim /etc/postfix/mysql-virtual-mailbox-domains.cf
user = mail_admin
password = mys123456
hosts = 127.0.0.1
dbname = mail
query = SELECT 1 FROM domains WHERE name='%s'
创建虚拟邮箱配置
vim /etc/postfix/mysql-virtual-mailbox-maps.cf
user = mail_admin
password = mys123456
hosts = 127.0.0.1
dbname = mail
query = SELECT 1 FROM users WHERE email='%s'
创建电子邮件与文件映射
vim /etc/postfix/mysql-virtual-alias-maps.cf
user = mail_admin
password = mys123456
hosts = 127.0.0.1
dbname = mail
query = SELECT destination FROM aliases WHERE source='%s'
vim /etc/postfix/mysql-virtual-email2email.cf
user = mail_admin
password = mys123456
hosts = 127.0.0.1
dbname = mail
query = SELECT email FROM users WHERE email='%s'
启动postfix
systemctl start postfix.service
postmap -q sijibao.info mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
1
postmap -q [email protected] mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
1
postmap -q [email protected] mysql:/etc/postfix/mysql-virtual-alias-maps.cf
[email protected]
返回结果就配置正常
cp /etc/postfix/master.cf /etc/postfix/master.cf.org
vim /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
#-o smtpd_client_restrictions=$mua_client_restrictions
#-o smtpd_helo_restrictions=$mua_helo_restrictions
#-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
#-o smtpd_client_restrictions=$mua_client_restrictions
#-o smtpd_helo_restrictions=$mua_helo_restrictions
#-o smtpd_sender_restrictions=$mua_sender_restrictions
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
-------------------------------------------------
重启postfix
systemctl restart postfix.service
helo (smtp协议)
ehlo(esmtp协议)
mail from:senduser 指定发件人信息
rcpt to:reciver 指定收件人信息 对于公共邮箱必须有域名、A纪录、PTR解析。
data 指定发送的信息
telnet 127.0.0.1 25
helo mail.sijibao.info
mail from:[email protected]
250 2.1.0 Ok
rcpt to:[email protected]
250 2.1.5 Ok
data
354 End data with .
This is a test mail from root.
.
250 2.0.0 Ok: queued as 3E55D20DCF12
quit
221 2.0.0 Bye
[root@mail conf.d]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3E55D20DCF12 355 Fri Jun 15 14:57:01 [email protected]
备份文件
cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.org
cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.org
cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.org
cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.org
cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.org
cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.org
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/home/vmail/%d/%n/Maildir ##指定用户邮件保存路径
mail_privileged_group = mail
vim /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext ##在同一文件中注释系统用户登录行,并通过取消注释'auth-sql.conf.ext'行来启用MySQL身份验证
vim /etc/dovecot/conf.d/auth-sql.conf.ext
# Authentication for SQL users. Included from 10-auth.conf.
#
#
passdb {
driver = sql
# Path for SQL configuration file, see example-config/dovecot-sql.conf.ext
args = /etc/dovecot/dovecot-sql.conf.ext ##使用指定文件,mysqlsql验证密码
}
# "prefetch" user database means that the passdb already provided the
# needed information and there's no need to do a separate userdb lookup.
#
#userdb {
# driver = prefetch
#}
userdb {
# driver = sql
# args = /etc/dovecot/dovecot-sql.conf.ext ##使用指定文件,mysqlsql验证用户
driver = static
args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
}
# If you don't have any user-specific settings, you can avoid the user_query
# by using userdb static instead of userdb sql, for example:
#
#userdb {
#driver = static
#args = uid=vmail gid=vmail home=/var/vmail/%u
#}
vim /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=mail user=mail_admin password=mys123456
default_pass_scheme = CRYPT
password_query = SELECT email as user, password FROM users WHERE email='%u';
# chown -R vmail:dovecot /etc/dovecot
# chmod -R o-rwx /etc/dovecot
更改dovecot的master文件
vim /etc/dovecot/conf.d/10-master.conf
#default_process_limit = 100
#default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M
# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot
service imap-login {
inet_listener imap {
#port = 143 ##禁止使用非ssl端口
}
inet_listener imaps {
port = 993
ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1\. 1 is more secure, but 0
# is faster.
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
service pop3-login {
inet_listener pop3 {
port = 0 ##禁止使用非ssl端口
}
inet_listener pop3s {
port = 995
ssl = yes ##开启ssl
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
# Create inet listener only if you can't use the above UNIX socket
#inet_listener lmtp {
# Avoid making LMTP visible for the entire internet
#address =
#port =
#}
}
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = $default_vsz_limit
# Max. number of IMAP processes (connections)
#process_limit = 1024
}
service pop3 {
# Max. number of POP3 processes (connections)
#process_limit = 1024
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
mode = 0666
user = vmail
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
user = postfix
}
# Auth process is run as this user.
#user = $default_internal_user
user= dovecot
}
service auth-worker {
# Auth worker process is run as root by default, so that it can access
# /etc/shadow. If this isn't necessary, the user should be changed to
# $default_internal_user.
#user = root
user = vmail
}
service dict {
# If dict proxy is used, mail processes should have access to its socket.
# For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict {
#mode = 0600
#user =
#group =
}
}
配置dovecot 验证10-ssl.conf
vim /etc/dovecot/conf.d/10-ssl.conf
##
## SSL settings
##
# SSL/TLS support: yes, no, required.
# disable plain pop3 and imap, allowed are only pop3+TLS, pop3s, imap+TLS and imaps
# plain imap and pop3 are still allowed for local connections
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
#如果有证书可以改成自己的证书
ssl_cert =
启动dovecot
systemctl start dovecot.service
使用本地客户端例如fixmail等
如果提示发件失败,那么我们可以查看一下日志
postfix日志在/var/log/maillog
dovecot日志在/home/vmail/dovecot-deliver.log
查看postfix和dovecot配置
postconf -n
dovecot -n
查看dovecot所有配置
dovecot -a