松鼠Mike的树洞 -- Make Each Day Count
  • 排序
  • 选择时间

Ubuntu 14.04下用Postfix和Dovecot搭建邮件系统

发布日期: 2014-08-10更新日期:2015-08-23

    • 安装必须的工具
      apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server dovecot-common dovecot-imapd dovecot-pop3d dovecot-mysql postfix libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailutils
    • 设置MySQL建立虚拟域名和用户数据库
      mysql -u root -p
      create database mail;
      use mail;
      GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
      GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
      FLUSH PRIVILEGES;
      CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );
      CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );
      quit
      
    • 如果忘记了mysql的root密码
      /etc/init.d/mysql stop
      /usr/local/mysql/bin/mysqld_safe --skip-grant-tables >/dev/null 2>&1 &
      mysql -u root mysql
      update user set password = Password('要设置的密码') where User = 'root';
      flush privileges;
      exit;
      killall mysqld
      service mysql start
      
    • 配置Postfix通过MySQL获取用户信息在/etc/postfix目录下创建一个叫virtual的文件夹用来存放MySQL相关文件。
      cd /etc/postfix/virtual
      vim domains.cf
      
      user = vmail_admin
      password = vMMh-68918022
      dbname = vmail
      query = SELECT domain AS virtual FROM domains WHERE domain="%s"
      hosts = 127.0.0.1
      
      :wq
      
      vim mailboxes.cf
      
      user = vmail_admin
      password = vMMh-68918022
      dbname = vmail
      query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email="%s"
      hosts = 127.0.0.1
      
      :wq
      
      chmod o= *.cf
      chgrp postfix *.cf
      
    • 为邮箱创建用户
      groupadd -g 5000 vmail
      useradd -g vmail -u 5000 vmail -d /home/vmail -m
      
    • 修改/etc/postfix/main.cf
      # See /usr/share/postfix/main.cf.dist for a commented, more complete version
      
      # Debian specific:  Specifying a file name will cause the first
      # line of that file to be used as the name.  The Debian default
      # is /etc/mailname.
      #myorigin = /etc/mailname
      
      smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
      biff = no
      
      # appending .domain is the MUA's job.
      append_dot_mydomain = no
      
      # Uncomment the next line to generate "delayed mail" warnings
      #delay_warning_time = 4h
      
      readme_directory = /usr/share/doc/postfix
      
      # TLS parameters
      #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
      #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
      smtpd_tls_cert_file=/etc/postfix/smtpd.cert
      smtpd_tls_key_file=/etc/postfix/smtpd.key
      smtpd_use_tls=yes
      smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
      smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
      
      # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
      # information on enabling SSL in the smtp client.
      
      smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
      myhostname = mail-sec.michaelhsu-squirrel.com
      #mydomain=michaelhsu-squirrel.com
      #alias_maps = hash:/etc/aliases
      #alias_database = hash:/etc/aliases
      #myorigin = /etc/mailname
      mydestination = localhost.localdomain, localhost
      #mydestination =
      relayhost = [mail.so-net.ne.jp]:587
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.11.0/24
      mailbox_size_limit = 0
      recipient_delimiter = +
      inet_interfaces = all
      # home_mailbox=Maildir/
      
      smtpd_sasl_auth_enable = yes
      broken_sasl_auth_clients = yes
      smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination
      virtual_transport = dovecot
      dovecot_destination_recipient_limit = 1
      
      smtp_sasl_auth_enable = yes
      smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
      smtp_sasl_security_options = noanonymous
      
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
      
      #virtual_mailbox_domains = /etc/postfix/virtual/domains
      #virtual_mailbox_maps = hash:/etc/postfix/virtual/vmailbox
      virtual_mailbox_domains = proxy:mysql:/etc/postfix/virtual/domains_mysql.cf
      virtual_mailbox_maps = proxy:mysql:/etc/postfix/virtual/mailboxes_mysql.cf
      virtual_mailbox_base = /home/vmail
      virtual_minimum_uid = 100
      virtual_uid_maps = static:5000
      virtual_gid_maps = static:5000
      inet_protocols = all
      html_directory = /usr/share/doc/postfix/html
      
    • 编辑/etc/postfix/master.cf,打开STARTTLS 587端口
      submission inet n - n - - smtpd
    • 为Postfix和Dovecot创建SSL证书
      cd /etc/postfix
      openssl req -new -outform PEM -out smtpd.cert -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM -days 365 -x509
      chmod o= /etc/postfix/smtpd.key
    • 为Postfix设置用户ID验证saslauthd
      mkdir -p /var/spool/postfix/var/run/saslauthd
      cp -a /etc/default/saslauthd /etc/default/saslauthd.bak
      
      #edit /etc/default/saslauthd
      START=yes
      DESC="SASL Authentication Daemon"
      NAME="saslauthd"
      MECHANISMS="pam"
      MECH_OPTIONS=""
      THREADS=5
      OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
      
      #create /etc/pam.d/smtp with the following contents
      auth required pam_mysql.so
      user = vmail_admin
      passwd = vMMh-68918022
      host = 127.0.0.1
      db = vmail
      table = users
      usercolumn = email
      passwdcolumn = password
      crypt = 1
      
      account sufficient pam_mysql.so
      user = vmail_admin
      passwd = vMMh-68918022
      host = 127.0.0.1
      db = vmail
      table = users
      usercolumn = email
      passwdcolumn = password
      crypt = 1
      
      #create a file /etc/postfix/sasl/smtpd.conf with the following contents
      pwcheck_method: saslauthd
      mech_list: plain login
      allow_plaintext: true
      auxprop_plugin: mysql
      sql_engine: mysql
      sql_hostnames: 127.0.0.1
      sql_user: vmail_admin
      sql_passwd: vMMh-68918022
      sql_database: vmail
      sql_select: select password from users where email = '%u'
      
      #set proper permissions and ownership
      chmod o= /etc/pam.d/smtp
      chmod o= /etc/postfix/sasl/smtpd.conf
      
      adduser postfix sasl
      service postfix restart
      service saslauthd restart
      
    • 编辑/etc/postfix/master.cf建立postfix和dovecot间的通信
      dovecot unix - n n - - pipe
        flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
    • 编辑/etc/postfix/main.cf,使得postfix可以通过dovecot验证用户
      smtpd_sasl_type = dovecot
      smtpd_sasl_path = private/auth
    • 修改dovecot的配置文件 /etc/dovecot/dovecot.conf
       log_timestamp = "%Y-%m-%d %H:%M:%S "
      mail_location = maildir:/home/vmail/%d/%n
      
      auth_mechanisms = plain login
      
      namespace {
          inbox = yes
          location =
          prefix =
          #prefix = INBOX.
          separator = /
          type = private
      
          mailbox Sent {
              auto = subscribe
              special_use = \Sent
          }
          mailbox Drafts {
              auto = subscribe
              special_use = \Drafts
          }
          mailbox Trash {
              auto = subscribe
              special_use = \Trash
          }
          mailbox Junk {
              auto = subscribe
              special_use = \Junk
          }
      }
      
      passdb {
          args = /etc/dovecot/dovecot-sql.conf
          driver = sql
      }
      
      protocols = imap
      service auth {
          unix_listener /var/spool/postfix/private/auth {
              group = postfix
              mode = 0660
              user = postfix
          }
          unix_listener auth-master {
              mode = 0600
              user = vmail
       }
          user = root
      }
      
      ssl = required
      ssl_cert = 
      
      
    • 修改/etc/dovecot/dovecot-sql.conf,使得dovecot可以验证sql中的用户信息
      cp -a /etc/dovecot/dovecot-sql.conf /etc/dovecot/dovecot-sql.conf.bak
      vim /etc/dovecot/dovecot-sql.conf
      driver = mysql
      connect = host=127.0.0.1 dbname=vmail user=vmail_admin password=vMMh-68918022
      default_pass_scheme = CRYPT
      password_query = \
        SELECT email as user, password \
        FROM users WHERE email='%u'
      :wq
      
      service dovecot restart
      
      chgrp vmail /etc/dovecot/dovecot.conf
      chmod g+r /etc/dovecot/dovecot.conf
    • 测试
      telnet localhost 25
      ehlo localhost
      
      Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      220 mail-sec.michaelhsu-squirrel.com ESMTP Postfix (Ubuntu)
      ehlo localhost
      250-mail-sec.michaelhsu-squirrel.com
      250-PIPELINING
      250-SIZE 10240000
      250-VRFY
      250-ETRN
      250-STARTTLS
      250-AUTH PLAIN
      250-AUTH=PLAIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
      
      
    • 在数据库中添加虚拟域名和用户
      mysql -u vmail_admin -p
      use mail;
      insert into domains(domain) values('michaelhsu-squirrel.com');
      insert into users(email, password) values('admin@michaelhsu-squirrel.com', ENCRYPT('password'));
      quit
    • 将上述添加好的用户名设置为no-reply 创建/etc/postfix/noreply文件,并添加以下内容
      info@michaelhsu-squirrel.com REJECT This is a no-reply address.
      然后执行postmap命令
      postmap noreply
      在/etc/postfix/main.cf的smtpd_recipient_restrictions选项中将下面的内容添加到最前面
      smtpd_recipient_restrictions: check_recipient_access hash:/etc/postfix/noreply, xxxxxxx
      然后reload一下
      service postfix reload
    • 在Thunderbird中添加用户 IMAP: mail-sec.michaelhsu-squirrel.com 993 SSL/TLS Normal password SMTP: mail-sec.michaelhsu-squirrel.com 587 STARTTLS Normal password
    • 为了防止被当作垃圾邮件,还要在DNS服务器里添加下面一条TXT @ TXT v=spf1 a mx mx:mail-sec.michaelhsu-squirrel.com ip4:202.238.84.1/24 ~all 600

    参考文献:

    1. http://sharkysoft.com/wiki/how_to_build_a_virtual_user_email_server
    2. https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql-on-ubuntu-10-04-lts-lucid/
    3. http://linfan.info/blog/2012/10/21/ubuntu-12-dot-04-email-server/
    4. http://serverfault.com/questions/267446/postfix-custom-reject-message-for-certain-email-adresses