
Installing a postfix, dovecot and mysql mail system on CentOS 7

2020-06-04 15:46:25

Before starting, point your domain's MX record and the A records for the mail host (smtp, imap, mail) at the server or VPS you are building. The page uses 192.168.0.110 as a placeholder for the server address; that is a private (RFC 1918) address, so substitute the public IP of your cloud host or VPS.

Type          Host            Value
A             mail            192.168.0.110
MX            @               mail.osyum.com (priority 10; an MX must point at a hostname, not an IP)
TXT (SPF)     @               v=spf1 a mx ip4:192.168.0.110 -all
TXT (DMARC)   _dmarc          v=DMARC1; p=reject; rua=mailto:admin@osyum.com
PTR (rDNS)    192.168.0.110   mail.osyum.com

Set the reverse DNS (PTR) record for the IP in your VPS or cloud provider's control panel so that it resolves back to mail.osyum.com. Receiving servers check that forward and reverse names agree, and mail from a host without a matching PTR is far more likely to be rejected or junked.

Open the firewall ports: 80/443 for the web interface and the ACME challenge, 25 for inbound SMTP, 465/587 for submission, 110/143 for POP3/IMAP with STARTTLS and 995/993 for their TLS-wrapped variants (drop 110 and 143 if you only want to offer the wrapped ports).

firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=25/tcp --permanent
firewall-cmd --add-port=465/tcp --permanent
firewall-cmd --add-port=587/tcp --permanent
firewall-cmd --add-port=110/tcp --permanent
firewall-cmd --add-port=995/tcp --permanent
firewall-cmd --add-port=993/tcp --permanent
firewall-cmd --add-port=143/tcp --permanent
firewall-cmd --reload

The examples below use osyum.com; replace it with your own domain when you install.

1. Set the hostname, update the system, disable SELinux and stop whatever occupies port 25
Set the server's hostname; mail.osyum.com below stands for your own mail host name (check it with hostname). It should be the same name the MX record and the reverse DNS point to. The VPS needs to be a KVM-type virtual machine.

hostname mail.osyum.com
hostnamectl set-hostname mail.osyum.com

First stop anything already bound to port 25 (CentOS 7 may ship sendmail):

systemctl stop sendmail
systemctl disable sendmail

Disable SELinux. The page takes this shortcut; it removes the mandatory access control layer from the whole host, so keep that in mind if you harden the box later. The edit only takes effect after the reboot at the end of this section.

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

Update the system and add the EPEL repository (needed for some PHP modules and for certbot)

yum update -y
yum install -y epel-release

Install some supporting tools

yum -y install net-tools nano wget man bind-utils git mailx telnet

Reboot so the hostname and SELinux changes take effect

reboot

2. Install MySQL, nginx and PHP, create the site and obtain a free certificate

Install MySQL 5.6 (from the author's mirror of the MySQL community repository), enable it at boot and set the root password. osyum123258 is the example password used throughout this page; choose your own.

rpm -Uvh http://yum.osyum.com/linux/mysql/mysql-community-release-el7-5.noarch.rpm
yum install mysql-community-server mysql-devel  -y
systemctl enable mysqld
systemctl start mysqld
mysqladmin -u root password osyum123258

For nginx, create /etc/yum.repos.d/nginx.repo with the following contents. The page's version had gpgcheck=0; verify package signatures instead by enabling gpgcheck and pointing it at nginx's signing key:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1

Install nginx with yum and enable it at boot

yum install nginx -y
systemctl enable nginx
systemctl start nginx

Install PHP

Install PHP and the modules the web applications need with yum (php-mcrypt comes from EPEL, enabled above; the page listed php-mbstring twice):

yum install -y php-fpm php-cli php-mysql php-gd php-mcrypt php-intl php-ldap php-odbc php-pdo php-pecl-memcache php-pear php-mbstring php-xml php-xmlrpc php-snmp php-soap php-imap

Edit /etc/php.ini: set the time zone (use your server's own zone) and keep cgi.fix_pathinfo off. The second setting matters behind nginx: with it on, a request such as /uploads/photo.jpg/x.php can make php-fpm execute the uploaded file as PHP.

date.timezone = Asia/Shanghai
cgi.fix_pathinfo = 0

Edit the php-fpm pool file /etc/php-fpm.d/www.conf: listen on a unix socket and run the pool as the nginx user and group. Also set the socket owner, group and mode; the PHP 5.4 shipped with CentOS 7 otherwise creates the socket world-writable, which lets any local account run PHP as nginx.

listen = /var/run/php-fpm/php-fpm.sock
;listen = 127.0.0.1:9000
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = nginx
group = nginx

Create the session directory and hand it to nginx

mkdir /var/lib/php/session/
chown -R nginx:nginx /var/lib/php/session/

Enable php-fpm at boot

systemctl enable php-fpm
systemctl start php-fpm

Obtain a free Let's Encrypt certificate. The page uses the letsencrypt-auto wrapper from the client's git repository, which has since been retired; on CentOS 7 the same client is packaged as certbot in EPEL (yum install certbot) and takes the same certonly --standalone arguments. Standalone mode answers the ACME challenge on port 80 itself, which is why nginx is stopped first:

yum install git bc -y
git clone https://github.com/letsencrypt/letsencrypt
systemctl stop nginx
cd letsencrypt
./letsencrypt-auto certonly --standalone

The first prompt asks for an e-mail address, used for expiry and security notices:

Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel):

Next you are asked to agree to the terms of service of the ACME server; type A:

agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel:

Type A to agree. After that it asks for the domain; we use mail.osyum.com.

Whether to subscribe to the EFF newsletter; type N:


encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o:

Enter your domain name (mail.osyum.com):

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):

When it finishes it prints the paths of the certificate and key; because the domain entered was mail.osyum.com, they are

/etc/letsencrypt/live/mail.osyum.com/fullchain.pem
/etc/letsencrypt/live/mail.osyum.com/privkey.pem

The certificate is valid for 90 days. Schedule a renewal (certbot renew) and reload nginx, postfix and dovecot afterwards, since all three read the files when they start.

Once that succeeds, start nginx again

systemctl start nginx

Create a site for mail.osyum.com in its own config file, mail.conf

vi /etc/nginx/conf.d/mail.conf

with the following contents

server {
  listen 80;
  server_name mail.osyum.com;
  return 301 https://$server_name$request_uri; # enforce https
}

server {
   listen          443 ssl;   # "ssl on;" from the page is deprecated; the listen flag replaces it
   server_name     mail.osyum.com;
   root            /var/www/html;
   index           index.php;
   charset         utf-8;
   access_log      /var/log/nginx/pa-access.log;
   error_log       /var/log/nginx/pa-error.log;

   ## SSL settings: TLS 1.2 only (the page also allowed TLSv1 and TLSv1.1;
   ## the OpenSSL 1.0.2 in CentOS 7 has no TLS 1.3)
   ssl_certificate           /etc/letsencrypt/live/mail.osyum.com/fullchain.pem;
   ssl_certificate_key       /etc/letsencrypt/live/mail.osyum.com/privkey.pem;
   ssl_protocols             TLSv1.2;

   add_header Strict-Transport-Security max-age=31536000;

   location / {
      try_files $uri $uri/ /index.php;
   }

   # Escape the dot: an unescaped "." matches any character
   location ~ \.php$ {
        try_files $uri =404;   # refuse paths whose .php file does not exist
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include       fastcgi_params;
        fastcgi_pass  unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
   }
}

3. Install and configure postfixadmin and create the postfix database

Install postfixadmin (a web front end for managing postfix's domains, mailboxes and aliases in the database)

cd /var/www/html
wget https://sourceforge.net/projects/postfixadmin/files/postfixadmin/postfixadmin-3.1/postfixadmin-3.1.tar.gz/download
tar zxvf download
mv postfixadmin-3.1 postfixadmin
rm -rf download
chown -R nginx:nginx /var/www/html/postfixadmin

Create the postfix database with a dedicated user (password osyumpostfix in this example) that can only connect from localhost

Log in to MySQL as root first; it prompts for the root password set above:

mysql -u root -p

CREATE DATABASE postfix;
CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'osyumpostfix';
GRANT ALL PRIVILEGES ON postfix.* TO 'postfix'@'localhost';
FLUSH PRIVILEGES;
QUIT;

In /var/www/html/postfixadmin/config.inc.php set the following, using the password you chose above (the file's defaults for database_type, database_host, database_user and database_name already match the mysqli/localhost/postfix/postfix setup created here):

$CONF['configured'] = true;
$CONF['database_password'] = 'osyumpostfix';

Create the templates_c directory (the compiled-template cache). nginx owns the tree already, so it needs no more than 750 rather than the 777 the page used:

mkdir -p /var/www/html/postfixadmin/templates_c
chown -R nginx:nginx /var/www/html/postfixadmin/templates_c
chmod 750 /var/www/html/postfixadmin/templates_c

Now open http://mail.osyum.com/postfixadmin/setup.php (it redirects to https). Enter a setup password twice and the page responds with a password hash. Open /var/www/html/postfixadmin/config.inc.php, find $CONF['setup_password'] = 'changeme'; and replace changeme with that hash. Once the administrator account below exists, delete or block setup.php: otherwise it stays reachable on the public site.

For example

$CONF['setup_password'] = '24b11d518f6d8d92a3df8b55a7a2a5be:06b7087af6270213fb17be3e2088f4f0b98db75f';

Then, still on setup.php, create the administrator account (e-mail address and password).

4. Install and configure postfix

Install postfix and enable it at boot

yum install postfix* -y
systemctl enable postfix
systemctl start postfix

Create five map files that let postfix look up domains, mailboxes, quotas and aliases in MySQL

4.1 Create /etc/postfix/mysql-virtual_domains_maps.cf (domains hosted here)

hosts = localhost
user = postfix
password = osyumpostfix
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

4.2 Create /etc/postfix/mysql-relay_domains_maps.cf (domains for which this host is a backup MX)

hosts = localhost
user = postfix
password = osyumpostfix
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1'

4.3 Create /etc/postfix/mysql-virtual_mailbox_maps.cf (mailbox address to maildir)

hosts = localhost
user = postfix
password = osyumpostfix
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

4.4 Create /etc/postfix/mysql-virtual_mailbox_limit_maps.cf (mailbox quota)

hosts = localhost
user = postfix
password = osyumpostfix
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' and active = '1'

4.5 Create /etc/postfix/mysql-virtual_alias_maps.cf (alias address to its targets)

hosts = localhost
user = postfix
password = osyumpostfix
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

Restrict the files: they contain the database password, so make them readable only by root and the postfix group

chgrp postfix /etc/postfix/mysql-*.cf
chmod 640 /etc/postfix/mysql-*.cf

Edit /etc/postfix/main.cf and append the following. virtual_mailbox_domains decides which domains are hosted here, virtual_alias_maps rewrites recipients (the regexp file is an extra, initially empty, alias table), virtual_mailbox_maps yields the maildir path, and the proxy: prefix together with proxy_read_maps routes the lookups through the proxymap daemon so that each smtpd process does not open its own MySQL connection:

relay_domains = proxy:mysql:/etc/postfix/mysql-relay_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_alias_maps.cf,regexp:/etc/postfix/virtual_regexp
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $virtual_mailbox_limit_maps

Create the (initially empty) virtual_regexp file referenced above

touch /etc/postfix/virtual_regexp
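To see how the five map files and the main.cf settings above fit together, here is an added example (written for this page; it is not part of the original tutorial or of postfix) that replays the same queries against an in-memory SQLite copy of the three postfixadmin tables, with constructed sample rows, and walks one recipient through the lookups postfix makes: hosted domain, alias rewrite, then mailbox. The resolution order is simplified (real postfix consults further tables and lookup forms); the sample addresses, quotas and the backup.example domain are made up:

```python
import sqlite3

# Subset of the postfixadmin 3.1 tables that the five mysql-*.cf map files query.
SCHEMA = """
CREATE TABLE domain  (domain TEXT PRIMARY KEY, backupmx INTEGER, active INTEGER);
CREATE TABLE mailbox (username TEXT PRIMARY KEY, maildir TEXT, quota INTEGER, active INTEGER);
CREATE TABLE alias   (address TEXT PRIMARY KEY, goto TEXT, active INTEGER);
"""

# Constructed sample rows (not from the page): a hosted domain, a backup-MX domain,
# one active and one disabled mailbox, and an alias that forwards to the active mailbox.
SAMPLE = {
    "INSERT INTO domain VALUES (?, ?, ?)": [
        ("osyum.com", 0, 1),
        ("backup.example", 1, 1),
    ],
    "INSERT INTO mailbox VALUES (?, ?, ?, ?)": [
        ("admin@osyum.com", "osyum.com/admin/", 104857600, 1),
        ("old@osyum.com", "osyum.com/old/", 104857600, 0),
    ],
    "INSERT INTO alias VALUES (?, ?, ?)": [
        ("admin@osyum.com", "admin@osyum.com", 1),   # postfixadmin adds a self-alias per mailbox
        ("info@osyum.com", "admin@osyum.com", 1),
    ],
}

# The queries from the map files, with postfix's %s placeholder replaced by sqlite's ?.
Q_DOMAIN  = "SELECT domain FROM domain WHERE domain=? AND backupmx='0' AND active='1'"
Q_RELAY   = "SELECT domain FROM domain WHERE domain=? AND backupmx='1'"
Q_MAILBOX = "SELECT maildir FROM mailbox WHERE username=? AND active='1'"
Q_ALIAS   = "SELECT goto FROM alias WHERE address=? AND active='1'"
VMAIL_BASE = "/home/vmail"   # virtual_mailbox_base from main.cf


def open_db():
    """In-memory stand-in for the postfix MySQL database."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    for sql, rows in SAMPLE.items():
        db.executemany(sql, rows)
    return db


def lookup(db, query, key):
    row = db.execute(query, (key,)).fetchone()
    return row[0] if row else None


def resolve(db, address, depth=0):
    """Simplified walk through the lookups postfix makes for one recipient.

    Returns ("mailbox", path), ("relay", domain), ("expanded", [targets])
    or ("reject", reason). Only the maps configured on this page are consulted.
    """
    if depth > 5:                                   # an alias loop would otherwise recurse forever
        return ("reject", "alias loop")
    _user, _, domain = address.partition("@")
    if lookup(db, Q_DOMAIN, domain) is None:        # virtual_mailbox_domains
        if lookup(db, Q_RELAY, domain):             # relay_domains: accept and forward to the primary MX
            return ("relay", domain)
        return ("reject", "not a hosted or relay domain")
    # virtual_alias_maps: the exact address first, then the @domain catch-all
    goto = lookup(db, Q_ALIAS, address) or lookup(db, Q_ALIAS, "@" + domain)
    if goto and goto != address:
        targets = [t.strip() for t in goto.split(",")]   # postfixadmin stores comma-separated targets
        if len(targets) > 1:
            return ("expanded", targets)
        return resolve(db, targets[0], depth + 1)
    maildir = lookup(db, Q_MAILBOX, address)        # virtual_mailbox_maps
    if maildir is None:
        return ("reject", "no active mailbox")
    return ("mailbox", f"{VMAIL_BASE}/{maildir}")


if __name__ == "__main__":
    db = open_db()
    for rcpt in ("info@osyum.com", "old@osyum.com", "x@backup.example", "x@other.example"):
        print(rcpt, "->", resolve(db, rcpt))
```

Run as a script it prints the resolution of four addresses. The points worth noticing are that the disabled mailbox is rejected only because every query filters on active = 1, that a backup-MX domain is accepted for relaying without any mailbox lookup at all, and that alias targets are resolved recursively, which is why the depth guard exists.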

In /etc/postfix/main.cf comment out inet_interfaces = localhost and enable inet_interfaces = all; on a host without IPv6, restrict postfix to IPv4, otherwise delivery to IPv6 MX hosts fails:

inet_interfaces = all
#inet_interfaces = localhost
inet_protocols = ipv4

Create the vmail user and group (uid and gid 5000). Every virtual mailbox is owned by this unprivileged account, matching the static uid/gid maps below, and it has no login shell:

groupadd -g 5000 vmail
mkdir /home/vmail
chmod 770 /home/vmail/
useradd -r -u 5000 -g vmail -d /home/vmail/ -s /sbin/nologin -c "Virtual Mailbox" vmail
chown vmail:vmail /home/vmail/

Append to /etc/postfix/main.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail

In /etc/postfix/master.cf enable the submission (587) and smtps (465) services by uncommenting the following lines. Submission demands TLS (encrypt) and SASL authentication, and the mua_* restrictions defined in main.cf below reject anything unauthenticated:

submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Append the following to /etc/postfix/main.cf. Authentication is delegated to dovecot over the private/auth socket. smtpd_relay_restrictions is what keeps port 25 from being an open relay, so also pin mynetworks to loopback (mynetworks = 127.0.0.0/8 [::1]/128): the postfix 2.10 default is the whole local subnet, which on a cloud provider's network can include other tenants. The page's exclude-cipher list contained the typo PSD, corrected to PSK here.

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

smtpd_tls_cert_file = /etc/letsencrypt/live/mail.osyum.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.osyum.com/privkey.pem
smtpd_tls_security_level = may

# Disable SSLv2 and SSLv3
smtpd_tls_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

# Minimum cipher grade for mandatory TLS
smtpd_tls_mandatory_ciphers = high

# Use the server's cipher order instead of the client's preference
tls_preempt_cipherlist = yes

# Ciphers to exclude
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, PSK, SRP, 3DES, eNULL

# Only announce AUTH after STARTTLS, so credentials never cross the wire in clear
smtpd_tls_auth_only = yes

mua_client_restrictions = permit_sasl_authenticated,reject
mua_helo_restrictions = permit_sasl_authenticated,reject
mua_sender_restrictions = permit_sasl_authenticated,reject

Restart postfix

systemctl restart postfix

5. Install and configure dovecot

Install dovecot together with its MySQL and Pigeonhole (sieve) packages, and enable it at boot

yum install -y dovecot dovecot-mysql dovecot-pigeonhole
systemctl enable dovecot
systemctl start dovecot

Edit /etc/dovecot/dovecot.conf. Dovecot 2.x no longer takes imaps/pop3s here (those were the 1.x names); the TLS listeners on 993 and 995 are defined in 10-master.conf below:

protocols = imap pop3
listen = *
shutdown_clients = yes

Create /etc/dovecot/conf.d/dovecot-mysql.conf.ext. The password_query returns the stored hash (postfixadmin writes md5crypt by default, which dovecot's default CRYPT password scheme verifies) together with userdb_* fields, so one query serves both the password and the user lookup; user_query is what the delivery agent and IMAP use to find the maildir, uid/gid and quota rule:

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=osyumpostfix
password_query = SELECT username as user, password, concat('/home/vmail/', maildir) as userdb_home,  concat('maildir:/home/vmail/', maildir) as userdb_mail, 5000 as userdb_uid, 5000 as userdb_gid FROM mailbox  WHERE username = '%u' AND active = '1'
user_query = SELECT concat('/home/vmail/', maildir) as home, concat('maildir:/home/vmail/', maildir) as mail,  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE  username = '%u' AND active = '1'

Restrict the file, which contains the database password

chmod 640 /etc/dovecot/conf.d/dovecot-mysql*

Edit /etc/dovecot/conf.d/auth-sql.conf.ext

passdb {
  driver = sql
  args = /etc/dovecot/conf.d/dovecot-mysql.conf.ext
}
userdb {
  driver = sql
  args = /etc/dovecot/conf.d/dovecot-mysql.conf.ext
}

Edit /etc/dovecot/conf.d/10-auth.conf. disable_plaintext_auth = yes makes PLAIN and LOGIN usable only once TLS is up. The page also listed cram-md5, but CRAM-MD5 requires the server to hold the plaintext (or a CRAM-MD5-specific) secret and cannot verify the md5crypt hashes postfixadmin stores, so it is dropped here:

disable_plaintext_auth = yes
auth_mechanisms = plain login
#!include auth-system.conf.ext
!include auth-sql.conf.ext

Edit /etc/dovecot/conf.d/10-ssl.conf to enable TLS (the page's cipher list both included and excluded RC4; the exclusion wins, so the RC4 entry is removed):

ssl_cert = </etc/letsencrypt/live/mail.osyum.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.osyum.com/privkey.pem
# SSL protocols to use
ssl_protocols = !SSLv2 !SSLv3
# SSL ciphers to use
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4
# Prefer the server's order of ciphers over the client's.
ssl_prefer_server_ciphers = yes


Edit /etc/dovecot/conf.d/10-master.conf. The page's version was missing the closing braces of the imap-login and auth blocks and made the SASL socket world-accessible (mode 0666, owned by vmail); postfix's smtpd connects to it as the postfix user, so give the socket to that user with mode 0660:

service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service auth {
  # Socket postfix's smtpd uses for SASL (smtpd_sasl_path = private/auth, relative to the postfix queue directory)
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}

Edit /etc/dovecot/conf.d/10-mail.conf. The per-user maildir path comes from the SQL userdb; mail_location is the fallback layout, and the uid/gid range is pinned to vmail so that no other system account can be served:

mail_location = maildir:/home/vmail/%d/%n/:INDEX=/home/vmail/%d/%n/indexes
mail_uid =5000
mail_gid =5000
first_valid_uid = 5000
last_valid_uid = 5000
first_valid_gid = 5000
last_valid_gid = 5000

Restart dovecot

systemctl restart dovecot

You can now log in at https://mail.osyum.com/postfixadmin/login.php with the administrator account and add a domain and mailboxes.

Now the system can be tested.
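As an added example (not from the page), the following Python script checks from the outside that two of the settings made above actually hold: postfix's smtpd_tls_auth_only = yes, which means AUTH is advertised only after STARTTLS, and dovecot's disable_plaintext_auth = yes, which means IMAP advertises LOGINDISABLED and no AUTH= mechanism until TLS is up. The assess_* functions work on capability lists and run offline; the probe_* functions connect to a live server (the hostname mail.osyum.com and ports 587/143 are taken from this page) and verify the Let's Encrypt chain against the system trust store:

```python
import imaplib
import smtplib
import ssl


def assess_smtp(before, after):
    """before/after: EHLO keywords (lowercase, as smtplib reports them) seen on the
    plaintext connection and again after STARTTLS. With smtpd_tls_auth_only = yes
    AUTH must appear only in the second list."""
    findings = []
    if "starttls" not in before:
        findings.append("STARTTLS not offered")
    if "auth" in before:
        findings.append("AUTH offered on a plaintext connection")
    if "auth" not in after:
        findings.append("AUTH not offered after STARTTLS")
    return findings


def assess_imap(before, after):
    """before/after: IMAP CAPABILITY tokens before and after STARTTLS. With
    disable_plaintext_auth = yes dovecot advertises LOGINDISABLED and no AUTH=
    mechanism until the session is encrypted."""
    findings = []
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in before or any(c.startswith("AUTH=") for c in before):
        findings.append("plaintext login allowed before STARTTLS")
    if not any(c.startswith("AUTH=") for c in after):
        findings.append("no AUTH mechanism after STARTTLS")
    return findings


def probe_smtp(host, port=587):
    """Live check of a postfix STARTTLS listener (25 or 587); needs network access."""
    ctx = ssl.create_default_context()       # also verifies the certificate chain and hostname
    with smtplib.SMTP(host, port, timeout=10) as s:
        s.ehlo()
        before = set(s.esmtp_features)
        s.starttls(context=ctx)
        s.ehlo()                              # smtplib clears the feature list on STARTTLS; re-EHLO
        after = set(s.esmtp_features)
    return assess_smtp(before, after)


def probe_imap(host, port=143):
    """Live check of the dovecot IMAP STARTTLS listener; needs network access."""
    ctx = ssl.create_default_context()
    m = imaplib.IMAP4(host, port)
    before = set(m.capabilities)
    m.starttls(ctx)                           # imaplib re-reads CAPABILITY after the TLS handshake
    after = set(m.capabilities)
    m.logout()
    return assess_imap(before, after)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.osyum.com"
    for name, probe in (("smtp/587", probe_smtp), ("imap/143", probe_imap)):
        findings = probe(host)
        print(name, "OK" if not findings else "; ".join(findings))
```

python3 probe.py mail.osyum.com prints OK per listener or the findings. Calling probe_smtp with port=25 checks the MX listener too: there smtpd_tls_security_level = may leaves STARTTLS optional for other mail servers, but AUTH must still be absent before it.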

Add DKIM signing to postfix so that outgoing mail is less likely to land in the spam folder

yum install opendkim* -y

Replace the opendkim configuration (delete the original contents and use the following)

Back it up first

cp /etc/opendkim.conf /etc/opendkim.conf_bak

Edit /etc/opendkim.conf. The page's Socket inet:8891 listens on every interface; bind it to loopback, since only the local postfix should reach the milter:

UserID                  opendkim:opendkim
UMask                   022
Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
Canonicalization        relaxed/relaxed
TemporaryDirectory      /var/tmp
ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable
MinimumKeyBits          1024
Socket                  inet:8891@localhost
LogWhy                  Yes
Syslog                  Yes
SyslogSuccess           Yes

Generate the signing key (selector "default"). opendkim-genkey defaults to 1024 bits, the minimum opendkim accepts with the MinimumKeyBits setting above; for a new deployment pass -b 2048.

mkdir -p /etc/opendkim/keys/osyum.com
opendkim-genkey -D /etc/opendkim/keys/osyum.com/ -d osyum.com -s default

When that is done, add it to /etc/opendkim/KeyTable

default._domainkey.osyum.com osyum.com:default:/etc/opendkim/keys/osyum.com/default.private

Then add to /etc/opendkim/SigningTable

*@osyum.com default._domainkey.osyum.com

List the hosts whose mail may be signed in /etc/opendkim/TrustedHosts (the InternalHosts file above). Normally only this machine sends, so 127.0.0.1 and localhost are enough

127.0.0.1
localhost

Give the opendkim user ownership of its directory and lock it down (the private key must not be readable by anyone else)

chown opendkim:opendkim -R /etc/opendkim/
chmod -R 700 /etc/opendkim

DKIM signing now works on its own; next, pass the mail postfix handles through the milter. Edit /etc/postfix/main.cf and append the following (the milter address is spelled out as host:port so that it only ever talks to the local opendkim):

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891

Enable opendkim at boot and restart it and postfix

systemctl enable opendkim
systemctl restart opendkim
systemctl restart postfix

Publish the DKIM public key in DNS

Show the public key

cat /etc/opendkim/keys/osyum.com/default.txt

It prints

default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKrQt3CdJLsxtbthhJ5OoJGWlMQS3/QmmxghltjHSzIpQANJJl9/znn3S9IBKq7u4KXSv1z9jLQR7r0SiQ3l58e8fQl1PmfsTIzrmUE0tYjtKu1NTSwRIydM7WjKYIrzPhw2VYMcD7PXPKVf9PvWwqYezOxczuJZ7BlBer0+hdhQIDAQAB" )  ; ----- DKIM key default for osyum.com

In the DNS panel create a TXT record with host default._domainkey. Its value is the concatenation of the quoted strings above (the p= part is one long string; the line break and the inner quotes are zone-file formatting only), i.e. for the key printed above: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKrQt3CdJLsxtbthhJ5OoJGWlMQS3/QmmxghltjHSzIpQANJJl9/znn3S9IBKq7u4KXSv1z9jLQR7r0SiQ3l58e8fQl1PmfsTIzrmUE0tYjtKu1NTSwRIydM7WjKYIrzPhw2VYMcD7PXPKVf9PvWwqYezOxczuJZ7BlBer0+hdhQIDAQAB

Wait a while for propagation, then query it

dig default._domainkey.osyum.com TXT +noall +answer 

If the value shown matches the key in default.txt, the record is correct.
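The two forms above (the parenthesised, split-string zone file that opendkim-genkey writes and the single value a DNS panel wants) are the same TXT record: TXT RDATA is a list of quoted strings and its value is their concatenation, which is also how dig prints long records. As an added example that is not part of the page, this Python script flattens default.txt into the value to paste into DNS, splits the DKIM tags and decodes the p= key to report its size. The embedded key is the page's own 1024-bit example; the 2048-bit minimum is this editor's recommendation, not a setting from the page:

```python
import base64
import re

# The zone-file fragment opendkim-genkey writes to default.txt, copied from the page
# (the author's 1024-bit example key; not one to reuse).
DEFAULT_TXT = '''default._domainkey      IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKrQt3CdJLsxtbthhJ5OoJGWlMQS3/QmmxghltjHSzIpQANJJl9/znn3S9IBKq7u4KXSv1z9jLQR7r0SiQ3l58e8fQl1PmfsTIzrmUE0tYjtKu1NTSwRIydM7WjKYIrzPhw2VYMcD7PXPKVf9PvWwqYezOxczuJZ7BlBer0+hdhQIDAQAB" )  ; ----- DKIM key default for osyum.com
'''


def txt_value(record):
    """TXT RDATA is a sequence of quoted strings; the logical value is their
    concatenation. Works on default.txt and on dig's answer lines alike."""
    return "".join(re.findall(r'"([^"]*)"', record))


def dkim_tags(value):
    """Split a DKIM record into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return tags


def der_read(buf, pos):
    """Read one DER TLV at pos; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def rsa_modulus_bits(spki):
    """Modulus size of an RSA SubjectPublicKeyInfo (what the p= tag carries)."""
    _, body, _ = der_read(spki, 0)               # SEQUENCE { algorithm, subjectPublicKey }
    _, _alg, pos = der_read(body, 0)             # AlgorithmIdentifier (rsaEncryption, NULL)
    tag, bitstr, _ = der_read(body, pos)         # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("not a SubjectPublicKeyInfo")
    _, rsa, _ = der_read(bitstr[1:], 0)          # skip the unused-bits byte; SEQUENCE { n, e }
    _, modulus, _ = der_read(rsa, 0)
    return int.from_bytes(modulus, "big").bit_length()


def check_dkim(record, minimum_bits=2048):
    """Return (flat TXT value to paste into DNS, key bits, list of findings)."""
    value = txt_value(record)
    tags = dkim_tags(value)
    findings = []
    if tags.get("v") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        findings.append("unexpected v= or k= tag")
    bits = rsa_modulus_bits(base64.b64decode(tags["p"]))
    if bits < minimum_bits:
        findings.append(f"{bits}-bit key is below {minimum_bits} bits; "
                        f"regenerate with opendkim-genkey -b {minimum_bits}")
    return value, bits, findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else DEFAULT_TXT
    value, bits, findings = check_dkim(text)
    print("TXT value:", value)
    print("key bits:", bits, "; ".join(findings))
```

python3 dkim_txt.py /etc/opendkim/keys/osyum.com/default.txt prints the flat value and the key size. The output of dig default._domainkey.osyum.com TXT +short can be passed through txt_value() in the same way to confirm that the published record matches the local key.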


Now send a test message through a DKIM checking service, e.g. http://www.appmaildev.com/cn/dkim, to confirm that the signature verifies.

Install an SPF policy daemon so that postfix checks inbound mail against the sender domain's SPF record (the SPF TXT record published at the start protects your domain's reputation; this check protects your users from forged senders)

yum install perl-Mail-SPF perl-Sys-Hostname-Long -y
wget https://launchpad.net/postfix-policyd-spf-perl/trunk/2.011/+download/postfix-policyd-spf-perl-2.011.tar.gz
tar zvxf postfix-policyd-spf-perl-2.011.tar.gz
cd postfix-policyd-spf-perl-2.011
cp postfix-policyd-spf-perl /usr/local/sbin/.

Append to /etc/postfix/master.cf (the policy daemon runs as the unprivileged nobody user)

policy     unix  -       n       n       -       -       spawn
        user=nobody argv=/usr/bin/perl /usr/local/sbin/postfix-policyd-spf-perl

Edit /etc/postfix/main.cf: add smtpd_recipient_restrictions (search for reject_unauth_destination to find the related relay restrictions) with check_policy_service unix:private/policy as its last item, and policy_time_limit = 3600 on a new line, as follows. The order matters: the SPF check only runs for mail that passed the earlier checks and never for mynetworks or authenticated users.

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service unix:private/policy
policy_time_limit = 3600

Done

Install roundcube (webmail). Change into the web root first (the page omitted this, so the archive would have landed wherever the shell happened to be); the -complete tarball bundles roundcube's PHP dependencies under vendor/:

cd /var/www/html
wget https://github.com/roundcube/roundcubemail/releases/download/1.4.4/roundcubemail-1.4.4-complete.tar.gz
tar zxvf roundcubemail-1.4.4-complete.tar.gz
mv roundcubemail-1.4.4 roundcubemail
chown -R nginx:nginx /var/www/html

Next install the PEAR libraries roundcube uses (optional with the -complete tarball, which already ships them under vendor/)

pear install Auth_SASL
pear install Net_SMTP
pear install Net_IDNA
pear install Mail_mime
pear install Net_LDAP

After installation the page reboots the system; restarting php-fpm would be enough to pick up the new libraries

reboot

After the reboot, reconnect over SSH and create the roundcube database, logging in as root first (passing the password inline with -p, as below, leaves it in the shell history; mysql -u root -p prompts for it instead)

mysql -uroot -posyum123258

Create the database and a dedicated user (the page reuses the postfix password; use a separate one)

CREATE DATABASE roundcubemail;
GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcube@localhost  IDENTIFIED BY 'osyumpostfix';
FLUSH PRIVILEGES;
quit

Create config.inc.php from the sample

cp /var/www/html/roundcubemail/config/config.inc.php.sample  /var/www/html/roundcubemail/config/config.inc.php

Edit config.inc.php and change the following to your own passwords and hostname. The page's smtp_server pointed at a different domain (mail.yuncp.bid), evidently left over from another installation; it must be this server's name, the same as default_host. Two things the page does not show are also needed before the first login: replace $config['des_key'] with your own random 24-character string (it protects the IMAP password kept in the session, and the sample file's value is public), and load the schema with mysql -u roundcube -p roundcubemail < /var/www/html/roundcubemail/SQL/mysql.initial.sql.

$config['db_dsnw'] = 'mysql://roundcube:osyumpostfix@localhost/roundcubemail';
$config['default_host'] = 'ssl://mail.osyum.com';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'PLAIN';
$config['support_url'] = '';
$config['smtp_server'] = 'tls://mail.osyum.com';
$config['smtp_port'] = 587;
$config['smtp_auth_type'] = 'PLAIN';
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';




































