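Notes on configuring a Postfix mail server. I use this often, so it will be updated and improved from time to time.
First configure the domain. This is fairly simple, so we do it up front. There are 2 domain records to configure:
A record, SPF record and MX record:
1. Add an A record: mail.xxx.com pointing to your server
2. Add an MX record: @ (empty host) pointing to the A record you just configured: mail.xxx.com
3. Add a TXT record: @ (empty host) with the fixed value: "v=spf1 a mx ~all"
About SPF:
SPF stands for Sender Policy Framework. SPF prevents others from forging mail in your name; it is an anti-forgery solution for email. Once you have defined an SPF record for your domain name, the receiving side uses that record to determine whether the connecting IP address is covered by it. If it is, the message is treated as legitimate; otherwise it is treated as forged. For more detail see RFC4408 (http://www.ietf.org/rfc/rfc4408.txt)
It is usually configured as: "v=spf1 a mx ~all"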
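The receiver-side check described above, as an added example that is not part of the original notes. It evaluates the record "v=spf1 a mx ~all" against a connecting IP. The DNS table, the documentation-range addresses and the function names are constructed for illustration, and only the a, mx, ip4 and all mechanisms are handled.

```python
import ipaddress

# Constructed DNS data for the placeholder domain xxx.com (documentation IPs).
DNS = {
    ("xxx.com", "A"): ["203.0.113.10"],
    ("xxx.com", "MX"): ["mail.xxx.com"],
    ("mail.xxx.com", "A"): ["203.0.113.25"],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def resolve_a(name):
    """Look up A records in the constructed table above."""
    return DNS.get((name, "A"), [])


def mechanism_ips(mech, domain):
    """Return the addresses a mechanism authorises (a, mx, ip4 only)."""
    name, _, arg = mech.partition(":")
    if name == "a":
        return resolve_a(arg or domain)
    if name == "mx":
        return [ip for host in DNS.get((arg or domain, "MX"), [])
                for ip in resolve_a(host)]
    if name == "ip4":
        return [arg]
    raise ValueError(f"unsupported mechanism: {mech}")


def check_spf(record, domain, client_ip):
    """Evaluate an SPF record left to right; the first matching term wins."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    client = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        for net in mechanism_ips(term, domain):
            if client in ipaddress.ip_network(net, strict=False):
                return QUALIFIERS[qualifier]
    return "neutral"
```

With ~all, a sender that is not listed gets softfail, which receivers commonly accept and mark rather than reject; -all returns fail for the same sender.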
Next install the required software; yum is enough
yum install -y postfix dovecot dovecot-mysql cyrus-sasl-plain cyrus-sasl mailx
Once installed, start the configuration
# Set the hostname
hostnamectl set-hostname mail.i7do.com
cat /etc/hostname
vim /etc/hosts # add the following line
127.0.0.1 mail.i7do.cn
# Check the configuration
postconf -a
postfix check
systemctl restart postfix.service
systemctl enable postfix.service
systemctl restart dovecot
vim /etc/dovecot/conf.d/10-auth.conf
cp /usr/share/doc/dovecot-2.2.36/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
vim /etc/dovecot/dovecot-sql.conf.ext
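Edit main.cf
# Change the following settings
# Hostname of the mail server
myhostname = mail.i7do.com
# Mail domain
mydomain = i7do.com
# Domain used for outgoing mail
myorigin = $mydomain
# Network interfaces to listen on
inet_interfaces = all
inet_protocols = all
# Destinations this server serves
mydestination = $myhostname, $mydomain
# Directory where mail is stored
home_mailbox = Maildir/
# Limit the maximum message size to 10M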
message_size_limit = 10485760
# Limit the maximum mailbox size to 1G
mailbox_size_limit = 1073741824
# SMTP authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
# SSL encryption
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
Create the certificate:
cat /etc/dovecot/dovecot.pem
cd /etc/pki/tls/misc
./CA -newca
openssl req -new -nodes -keyout mailkey.pem -out mailreg.pem -days 365
rm -f /etc/pki/CA/index.txt
touch /etc/pki/CA/index.txt
openssl ca -out mail_signed_cert.pem -infiles mailreg.pem
vim /etc/pki/tls/openssl.cnf
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl x509 -in server.crt -out server.pem -outform PEM
Change the ports:
vim /etc/postfix/master.cf
Enable smtp and smtps
Create a user:
useradd fan -s /sbin/nologin
echo '123123' | passwd --stdin fan
Check whether the processes are running:
netstat -anpt | grep dovecot
netstat -anpt | grep postfix
netstat -anpt | grep smtp
netstat -anpt | grep master
Test sending mail:
yum -y install mailx
echo '這是測試' | mail -s '你好,164' [email protected]
Configure MySQL
vim /etc/dovecot/dovecot.conf
vim /etc/dovecot/conf.d/10-auth.conf # authentication configuration file
Enable the include auth-sql.conf.ext line
Error:
Jul 4 17:54:18 mail dovecot: pop3-login: Login: user=<[email protected]>, method=PLAIN, rip=61.151.182.11, lip=139.129.213.170, mpid=30164, TLS, session=<ZyTmn5qponU9l7YL>
Jul 4 17:54:18 mail dovecot: pop3([email protected]): Error: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Jul 4 17:54:18 mail dovecot: pop3([email protected]): Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir top=0/0, retr=0/0, del=0/0, size=0
Fix:
vim /etc/dovecot/dovecot.conf
# Find the line below and comment it out; the MySQL setup does not need it fixed
#mail_location = maildir:~/Maildir
Change it to
mail_location = maildir:/home/vmail/%u/Maildir
Meaning of the variables:
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
# %h - home directory
Problem:
Jul 5 09:07:02 mail postfix/error[3017]: 78FD01205AC: to=[email protected], relay=none, delay=0.17, delays=0.12/0.04/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
Edit /etc/postfix/transport and remove the line qq.com slow: