- 安装必须的工具
apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server dovecot-common dovecot-imapd dovecot-pop3d dovecot-mysql postfix libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailutils
- 设置MySQL建立虚拟域名和用户数据库
mysql -u root -p
create database mail;
use mail;
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
FLUSH PRIVILEGES;
CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );
CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );
quit
- 如果忘记了mysql的root密码
/etc/init.d/mysql stop
/usr/local/mysql/bin/mysqld_safe --skip-grant-tables >/dev/null 2>&1 &
mysql -u root mysql
update user set password = Password('要设置的密码') where User = 'root';
flush privileges;
exit;
killall mysqld
service mysql start
- 配置Postfix通过MySQL获取用户信息在/etc/postfix目录下创建一个叫virtual的文件夹用来存放MySQL相关文件。
cd /etc/postfix/virtual
vim domains.cf
user = vmail_admin
password = vMMh-68918022
dbname = vmail
query = SELECT domain AS virtual FROM domains WHERE domain="%s"
hosts = 127.0.0.1
:wq
vim mailboxes.cf
user = vmail_admin
password = vMMh-68918022
dbname = vmail
query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email="%s"
hosts = 127.0.0.1
:wq
chmod o= *.cf
chgrp postfix *.cf
- 为邮箱创建用户
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
- 修改/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file=/etc/postfix/smtpd.cert
smtpd_tls_key_file=/etc/postfix/smtpd.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail-sec.michaelhsu-squirrel.com
#mydomain=michaelhsu-squirrel.com
#alias_maps = hash:/etc/aliases
#alias_database = hash:/etc/aliases
#myorigin = /etc/mailname
mydestination = localhost.localdomain, localhost
#mydestination =
relayhost = [mail.so-net.ne.jp]:587
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.11.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
# home_mailbox=Maildir/
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
#virtual_mailbox_domains = /etc/postfix/virtual/domains
#virtual_mailbox_maps = hash:/etc/postfix/virtual/vmailbox
virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual/domains_mysql.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual/mailboxes_mysql.cf
virtual_mailbox_base = /home/vmail
virtual_minimum_uid = 100
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all
html_directory = /usr/share/doc/postfix/html
- 编辑/etc/postfix/master.cf,打开STARTTLS 587端口
submission inet n - n - - smtpd
- 为Postfix和Dovecot创建SSL证书
cd /etc/postfix
openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
chmod o= /etc/postfix/smtpd.key
- 为Postfix设置用户ID验证saslauthd
mkdir -p /var/spool/postfix/var/run/saslauthd
cp -a /etc/default/saslauthd /etc/default/saslauthd.bak
#edit /etc/default/saslauthd
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
#create /etc/pam.d/smtp with the following contents
auth required pam_mysql.so
user = vmail_admin
passwd = vMMh-68918022
host = 127.0.0.1
db = vmail
table = users
usercolumn = email
passwdcolumn = password
crypt = 1
account sufficient pam_mysql.so
user = vmail_admin
passwd = vMMh-68918022
host = 127.0.0.1
db = vmail
table = users
usercolumn = email
passwdcolumn = password
crypt = 1
#create a file /etc/postfix/sasl/smtpd.conf with the following contents
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: vmail_admin
sql_passwd: vMMh-68918022
sql_database: vmail
sql_select: select password from users where email = '%u'
#set proper permissions and ownership
chmod o= /etc/pam.d/smtp
chmod o= /etc/postfix/sasl/smtpd.conf
adduser postfix sasl
service postfix restart
service saslauthd restart
- 编辑/etc/postfix/master.cf建立postfix和dovecot间的通信
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
- 编辑/etc/postfix/main.cf,使得postfix可以通过dovecot验证用户
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
- 修改dovecot的配置文件 /etc/dovecot/dovecot.conf
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_location = maildir:/home/vmail/%d/%n
auth_mechanisms = plain login
namespace {
inbox = yes
location =
prefix =
#prefix = INBOX.
separator = /
type = private
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocols = imap
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-master {
mode = 0600
user = vmail
}
user = root
}
ssl = required
ssl_cert =
- 修改/etc/dovecot/dovecot-sql.conf,使得dovecot可以验证sql中的用户信息
cp -a /etc/dovecot/dovecot-sql.conf /etc/dovecot/dovecot-sql.conf.bak
vim /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=vmail user=vmail_admin password=vMMh-68918022
default_pass_scheme = CRYPT
password_query = \
SELECT email as user, password \
FROM users WHERE email='%u'
:wq
service dovecot restart
chgrp vmail /etc/dovecot/dovecot.conf
chmod g+r /etc/dovecot/dovecot.conf
- 测试
telnet localhost 25
ehlo localhost
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail-sec.michaelhsu-squirrel.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail-sec.michaelhsu-squirrel.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
- 在数据库中添加虚拟域名和用户
mysql -u vmail_admin -p
use mail;
insert into domains(domain) values('michaelhsu-squirrel.com');
insert into users(email, password) values('admin@michaelhsu-squirrel.com', ENCRYPT('password'));
quit
- 将上述添加好的用户名设置为no-reply
创建/etc/postfix/noreply文件,并添加以下内容
info@michaelhsu-squirrel.com REJECT This is a no-reply address.
然后执行postmap命令
postmap noreply
在/etc/postfix/main.cf的smtpd_recipient_restrictions选项中将下面的内容添加到最前面
smtpd_recipient_restrictions: check_recipient_access hash:/etc/postfix/noreply, xxxxxxx
然后reload一下
service postfix reload
- 在Thunderbird中添加用户
IMAP: mail-sec.michaelhsu-squirrel.com 993 SSL/TLS Normal password
SMTP: mail-sec.michaelhsu-squirrel.com 587 STARTTLS Normal password
- 为了防止被当作垃圾邮件,还要在DNS服务器里添加下面一条TXT
@ TXT v=spf1 a mx mx:mail-sec.michaelhsu-squirrel.com ip4:202.238.84.1/24 ~all 600