I recently helped Fei Ge set up a Linux mail server; after a full day of fiddling it finally works. I am writing it down here for future reference. Because time was short, I still don't understand what many of the parameters and features actually do ;-(
1. Server environment
OS: CentOS 7.1
Stack: apache php mariadb
Software: postfix dovecot roundcubemail postfixadmin
Other: add an A record and an MX record for the mail server at your domain registrar; mail.freesign.net is used here
Also apply for a certificate. The free application page on the Chinese-language site is very hard to find, presumably on purpose. Not long ago they were issued for 3 years; now they are only good for one year.
There are already plenty of guides online for setting up LAMP, so it is not covered here. Enable https in Apache: postfixadmin and roundcubemail are accessed through the browser, so this is safer.
Add a dedicated mail user vmail:vmail
```bash
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
```
2. Building the mail server
2.1 Server setup
Create a dedicated database for mail. Several components are involved in the mail server, and they all exchange their data through this database.
```text
user@localhost ~ mysql -u user -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3857
Server version: 5.5.44-MariaDB MariaDB Server
Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]> create database postfix;
MariaDB [(none)]> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfixadmin';
MariaDB [(none)]> CREATE USER 'postfix'@'localhost.localdomain' IDENTIFIED BY 'postfixadmin';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost.localdomain';
MariaDB [(none)]> FLUSH PRIVILEGES;
```
(the output of the database statements has been omitted)
2.2 Installing roundcubemail and postfixadmin
postfixadmin is not packaged in the repositories, so it has to be installed manually from the source tarball. roundcubemail is packaged in EPEL and can be installed directly with yum.
```bash
user@localhost ~ sudo yum install roundcubemail
user@localhost ~ cd /usr/share
user@localhost /usr/share sudo wget http://jaist.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.93/postfixadmin-2.93.tar.gz
user@localhost /usr/share sudo tar xzvf postfixadmin-2.93.tar.gz
user@localhost /usr/share sudo mv postfixadmin-2.93 postfixadmin
```
postfixadmin is unpacked into /usr/share, which simply mirrors how roundcubemail is laid out. Installing roundcubemail creates a virtual host file at /etc/httpd/conf.d/roundcubemail.conf; set its aliases and directories as follows
```apache
Alias /roundcubemail /usr/share/roundcubemail
Alias /mail /usr/share/roundcubemail
Alias /postfixadmin /usr/share/postfixadmin
<Directory /usr/share/roundcubemail/>
    Options none
    AllowOverride Limit
    Require all granted
</Directory>
<Directory /usr/share/postfixadmin/>
    Options none
    AllowOverride Limit
    Require all granted
</Directory>
# the installer is only needed during setup; remove or deny this directory once setup is finished
<Directory /usr/share/roundcubemail/installer>
    Options none
    AllowOverride Limit
    Require all granted
</Directory>
```
Remember to restart Apache.
postfixadmin is a management front end for postfix; the mail server's domains and user accounts are managed here. After unpacking, edit config.inc.php (the official recommendation is to create a config.local.php instead, which makes later upgrades easier). The most important part is the database settings (the key changes are listed below):
```php
$CONF['configured'] = true;
// plaintext first; replace it with the hash that setup.php generates
$CONF['setup_password'] = 'abc123def';
$CONF['default_language'] = 'cn';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfixadmin';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = 'yourmailaddress@126.com';
// must match default_pass_scheme in dovecot-sql.conf.ext
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
// CentOS 7 packages doveadm under /usr/bin
$CONF['dovecotpw'] = "/usr/bin/doveadm pw";
```
Pitfalls: (1) setup_password must satisfy the password complexity rules, it is not arbitrary: first put the plaintext here, then let the setup page generate the hashed form, replace abc123def with that hash, and only then can you add an administrator; (2) encrypt must be changed and must match the settings in the later sections; (3) on CentOS 7 doveadm is packaged under /usr/bin, so this path needs updating; (4) the templates_c directory must be owned by apache. (The contents of postfixadmin's DOCUMENTS directory are a good reference.)
Then open https://mail.freesign.net/postfixadmin/setup.php to install: the first step generates the hashed setup_password; after replacing the plaintext password in the config file you are asked to create an admin account. Once it is created and you have verified that you can log in, stop there and do nothing else for now, because much is still unconfigured and creating domains and so on is pointless at this point.
The admin and user login pages are:
https://mail.freesign.net/postfixadmin/login.php
https://mail.freesign.net/postfixadmin/users/login.php
2.3 Installing postfix and dovecot
postfix and dovecot are the most important and most complex parts of this article (which is why people call a mail server a pit; it is nowhere near as painless as httpd or ftp). The postfix configuration lives under /etc/postfix/ and the dovecot configuration mainly under /etc/dovecot/.
2.3.1 postfix configuration
Important parameters in main.cf
```ini
myhostname = mail.freesign.net
mydomain = freesign.net
inet_interfaces = all
inet_protocols = ipv4
mydestination = localhost.localdomain, localhost
mynetworks = 127.0.0.0/8
# the parameters above are fairly strict
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
# root directory for mail storage
virtual_mailbox_base = /aaa/maildata/
# uid and gid of vmail:vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# deliver through the dovecot pipe service defined in master.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
# smtps: encrypted submission settings
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_use_tls = yes
# only offer AUTH after TLS has been negotiated
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_application_name = smtpd
# relay only for authenticated clients and mynetworks; everything else must be addressed to our own domains
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination
# user quotas; can be tuned later
message_size_limit = 20480000
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
maximal_queue_lifetime = 1d
bounce_queue_lifetime = 1d
```
In master.cf, add the dovecot delivery service and enable the smtps and submission services so that SSL and TLS encrypted submission is supported
```ini
submission inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission
    -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
smtps     inet n       -       n       -       -       smtpd
    -o syslog_name=postfix/smtps
    -o smtpd_tls_wrappermode=yes
    -o smtpd_sasl_auth_enable=yes
# local delivery handed to dovecot-lda, running as the vmail user
dovecot   unix -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
```
The configuration above also needs several mysql_xxx.cf map files, which postfix uses to query the database maintained by postfixadmin; their contents are essentially as listed in reference 2. mysql_virtual_mailbox_maps.cf was missing there, so here it is:
```ini
user = postfix
# must be the password given to 'postfix'@'localhost' when the database user was created
password = postfixadmin
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
```
2.3.2 dovecot configuration
The dovecot configuration is even more of a pain: it used to be a single conf file, but it is now split across many files under conf.d, which makes it harder to copy from examples. dovecot is mainly responsible for mail retrieval and supports pop3/imap/lmtp.
Main contents of dovecot.conf
```ini
protocols = imap pop3
listen = *
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=5000 gid=5000 home=/aaa/maildata/%d/%n allow_all_users=yes
}
```
The contents of dovecot-sql.conf.ext are below; note that the password scheme must match the earlier settings.
```ini
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfixadmin
# same scheme as $CONF['encrypt'] = 'dovecot:CRAM-MD5' in postfixadmin
default_pass_scheme = CRAM-MD5
# the maildir prefix must be virtual_mailbox_base from main.cf (/aaa/maildata/), otherwise mail is read from and delivered to different directories
user_query = SELECT CONCAT('/aaa/maildata/', maildir) AS home, 5000 AS uid, 5000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
password_query = SELECT username AS user, password, CONCAT('/aaa/maildata/', maildir) AS userdb_home, 5000 AS userdb_uid, 5000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'
```
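The database password, the password hash scheme and the maildir root each appear in several files (postfixadmin's config.inc.php, main.cf, the mysql map files and dovecot-sql.conf.ext), and a mismatch in any one of them breaks login or delivery. The following added example, which is not part of the original post, parses constructed fragments in those formats (hypothetical values, with deliberate mismatches) and reports the disagreements.

```python
import re
# Constructed fragments modelled on the files in this post; the mismatches are deliberate.
POSTFIXADMIN_CFG = """
$CONF['database_password'] = 'postfixadmin';
$CONF['encrypt'] = 'dovecot:CRAM-MD5';
"""
MAIN_CF = "virtual_mailbox_base = /aaa/maildata/\n"
MAILBOX_MAPS_CF = """
user = postfix
password = postpasswd
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
"""
DOVECOT_SQL = """
connect = host=localhost dbname=postfix user=postfix password=postfixadmin
default_pass_scheme = CRAM-MD5
user_query = SELECT CONCAT('/abc/maildata/', maildir) AS home FROM mailbox WHERE username = '%u'
password_query = SELECT username AS user, password, CONCAT('/webdata/data/maildata/', maildir) AS userdb_home FROM mailbox WHERE username = '%u'
"""

def kv(text):
    """Parse Postfix/Dovecot style 'key = value' lines; '=' inside a value is kept."""
    pairs = (ln.split("=", 1) for ln in text.splitlines() if "=" in ln and not ln.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def php_conf(text):
    """Extract $CONF['key'] = 'value'; assignments from postfixadmin's config.inc.php."""
    return dict(re.findall(r"\$CONF\['(\w+)'\]\s*=\s*'([^']*)'", text))

def check_consistency(pfa_text, main_cf, maps_cf, dovecot_sql):
    """Return the list of mismatches between the four files; an empty list means consistent."""
    pfa, main, maps, dsql = php_conf(pfa_text), kv(main_cf), kv(maps_cf), kv(dovecot_sql)
    conn = dict(p.split("=", 1) for p in dsql["connect"].split())
    findings = []
    db_pw = pfa["database_password"]  # the password created for 'postfix'@'localhost'
    if maps["password"] != db_pw:
        findings.append("mysql map password differs from postfixadmin database_password")
    if conn.get("password") != db_pw:
        findings.append("dovecot-sql connect password differs from postfixadmin database_password")
    # postfixadmin stores hashes as 'dovecot:SCHEME'; dovecot must verify with the same scheme
    scheme = pfa["encrypt"].split(":", 1)[-1].upper()
    if dsql["default_pass_scheme"].upper() != scheme:
        findings.append(f"default_pass_scheme {dsql['default_pass_scheme']} != postfixadmin encrypt {scheme}")
    # every maildir prefix dovecot builds must equal virtual_mailbox_base from main.cf
    base = main["virtual_mailbox_base"].rstrip("/")
    for q in ("user_query", "password_query"):
        m = re.search(r"CONCAT\('([^']*)'", dsql.get(q, ""))
        if m and m.group(1).rstrip("/") != base:
            findings.append(f"{q} maildir prefix {m.group(1)} != virtual_mailbox_base {base}/")
    return findings
```

Run against the four constructed fragments, check_consistency returns three findings: the stale map password and the two maildir prefixes that differ from virtual_mailbox_base; with those corrected it returns an empty list.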
The most important remaining dovecot settings:
```ini
#10-mail.conf
mail_location = maildir:/aaa/maildata/%d/%n/Maildir
#10-auth.conf
# permits PLAIN/LOGIN over unencrypted connections; note that pop3 on port 110 is still enabled by protocols = imap pop3
disable_plaintext_auth = no
auth_mechanisms = plain login cram-md5
#10-master.conf
service imap-login {
  inet_listener imap {
    # port = 0 disables the unencrypted listener; merely commenting out "port = 143" leaves the default port open
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service auth {
  # userdb lookups for dovecot-lda, which runs as vmail (see master.cf)
  unix_listener auth-userdb {
    mode = 0666
    user = vmail
    group = vmail
  }
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }
}
#10-ssl.conf
ssl = yes
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
```
2.4 roundcubemail configuration
roundcubemail is the web login interface for mail. The first step of installation is likewise to open https://mail.freesign.net/webmail/installer . After the environment check passes, continue; step (2) generates a configuration file from what you enter, which we copy to /etc/roundcubemail/config.inc.php, and step (3) tests and verifies the configuration.
The important settings in /etc/roundcubemail/config.inc.php are:
```php
# database access
$config['db_dsnw'] = 'mysql://postfix:postfixadmin@localhost/postfix';
# IMAP: the imaps listener from 10-master.conf; the host must match the certificate name
$config['default_host'] = 'ssl://mail.freesign.net/';
$config['default_port'] = 993;
# SMTP: the submission service from master.cf
$config['smtp_server'] = 'tls://mail.freesign.net';
// SMTP port (default is 25; use 587 for STARTTLS or 465 for the
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['plugins'] = array('archive', 'attachment_reminder', 'help');
$config['sent_mbox'] = 'Sent';
$config['trash_mbox'] = 'Trash';
$config['drafts_mbox'] = 'Drafts';
$config['junk_mbox'] = 'Junk';
```
3. Verification and testing
3.1 Creating a mail account
Open https://mail.freesign.net/postfixadmin/ , first add the domain mail.freesign.net, then add the account nicol under that domain; this completes registration of the mailbox nicol@mail.freesign.net.
3.2 Web and mobile verification
On the web, open https://mail.freesign.net/mail/
On the phone, an SSL-encrypted connection was used; tested OK