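A record of configuring a Postfix mail server. I use this often, so it will be updated and improved from time to time.
First configure the domain. This part is fairly simple, so we do it up front. There are 2 domain records to configure:
an A record, an SPF record and an MX record:
1. Add an A record: mail.xxx.com pointing to your server
2. Add an MX record: @ (empty host) pointing to the A record you just configured: mail.xxx.com
3. Add a TXT record: @ (empty host), fixed value: "v=spf1 a mx ~all"
About SPF:
SPF stands for Sender Policy Framework. SPF keeps others from forging mail in your name; it is an anti-forgery solution for email. Once you define an SPF record for your domain name, the receiving side uses that record to determine whether the connecting IP address is included in it. If it is, the message is considered legitimate; otherwise it is considered forged. For more detail, see RFC 4408 (http://www.ietf.org/rfc/rfc4408.txt)
It is usually configured as: "v=spf1 a mx ~all"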
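To make the receiver-side check described above concrete, here is an added example (not part of the original notes) that evaluates the record "v=spf1 a mx ~all" against a connecting IP. The DNS table, the example.com and strict.example names and all IP addresses are constructed; only the a, mx and all mechanisms are handled, and a "-all" variant is included to show that "~all" yields softfail rather than fail.

```python
import ipaddress

# Constructed sample DNS data (documentation names and IP ranges, not real records).
DNS = {
    ("example.com", "TXT"): ["v=spf1 a mx ~all"],   # the record from this page
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.25"],
    ("strict.example", "TXT"): ["v=spf1 a mx -all"],  # hard-fail variant for comparison
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query; reads the constructed table above."""
    return DNS.get((name.lower(), rtype), [])


def authorized_ips(mechanism, domain):
    """IP addresses that an 'a' or 'mx' mechanism authorizes for the domain."""
    name, _, target = mechanism.partition(":")
    target = target or domain
    if name == "a":
        return lookup(target, "A")
    if name == "mx":
        return [ip for mx in lookup(target, "MX") for ip in lookup(mx, "A")]
    raise ValueError(f"mechanism not handled in this example: {mechanism}")


def check_spf(client_ip, domain):
    """Return the SPF result for a connecting client IP and a sender domain."""
    records = [r for r in lookup(domain, "TXT") if r.lower().split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?").lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if any(ip == ipaddress.ip_address(h) for h in authorized_ips(mechanism, domain)):
            return QUALIFIERS[qualifier]
    return "neutral"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.25", "203.0.113.7"):
        print(ip, check_spf(ip, "example.com"))
    print("203.0.113.7", check_spf("203.0.113.7", "strict.example"))
```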
Next, install the required software; yum is enough:
yum install -y postfix dovecot dovecot-mysql cyrus-sasl-plain cyrus-sasl mailx
Once installed, start the configuration:
# Set the hostname
hostnamectl set-hostname mail.i7do.com
cat /etc/hostname
# Add the following line to /etc/hosts
vim /etc/hosts
127.0.0.1 mail.i7do.com
# Check the configuration
postconf -a
postfix check
systemctl restart postfix.service
systemctl enable postfix.service
systemctl restart dovecot
vim /etc/dovecot/conf.d/10-auth.conf
cp /usr/share/doc/dovecot-2.2.36/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
vim /etc/dovecot/dovecot-sql.conf.ext
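Edit main.cf
# Change the following settings
# Hostname of the mail server
myhostname = mail.i7do.com
# Mail domain
mydomain = i7do.com
# Domain used for outgoing mail
myorigin = $mydomain
# Network interfaces to listen on
inet_interfaces = all
inet_protocols = all
# Domains this server accepts mail for
mydestination = $myhostname, $mydomain
# Directory where mail is stored
home_mailbox = Maildir/
# Limit the maximum message size to 10M
message_size_limit = 10485760
# Limit the maximum mailbox size to 1G
mailbox_size_limit = 1073741824
# SMTP authentication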
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
# SSL encryption
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
smtp_tls_CApath = /etc/ssl/certs
smtpd_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
Create the certificate:
cat /etc/dovecot/dovecot.pem
cd /etc/pki/tls/misc
./CA -newca
openssl req -new -nodes -keyout mailkey.pem -out mailreg.pem -days 365
rm -f /etc/pki/CA/index.txt
touch /etc/pki/CA/index.txt
openssl ca -out mail_signed_cert.pem -infiles mailreg.pem
vim /etc/pki/tls/openssl.cnf
openssl genrsa -des3 -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl rsa -in server.key -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl x509 -in server.crt -out server.pem -outform PEM
Change the ports:
vim /etc/postfix/master.cf
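Enable (uncomment) smtp and smtps
Create a user:
useradd fan -s /sbin/nologin
# '123123' is a sample password; set a strong one on a real server
echo '123123' | passwd --stdin fan
Check that the processes are running: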
netstat -anpt | grep dovecot
netstat -anpt | grep postfix
netstat -anpt | grep smtp
netstat -anpt | grep master
Send a test email:
yum -y install mailx
echo '这是测试' | mail -s '你好,164' islacker@qq.com
Configure MySQL
vim /etc/dovecot/dovecot.conf
vim /etc/dovecot/conf.d/10-auth.conf  # authentication configuration file
Enable (uncomment) the line: !include auth-sql.conf.ext
Error:
Jul 4 17:54:18 mail dovecot: pop3-login: Login: user=<wx_app_shop@xxx.com>, method=PLAIN, rip=61.151.182.11, lip=139.129.213.170, mpid=30164, TLS, session=<ZyTmn5qponU9l7YL>
Jul 4 17:54:18 mail dovecot: pop3(wx_app_shop@xxx.com): Error: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
Jul 4 17:54:18 mail dovecot: pop3(wx_app_shop@i7do.com): Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir top=0/0, retr=0/0, del=0/0, size=0
Fix:
vim /etc/dovecot/dovecot.conf
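# Find the line below and comment it out; with the MySQL setup it does not need to be fixed to this
#mail_location = maildir:~/Maildir
Change it to
mail_location = maildir:/home/vmail/%u/Maildir
Meaning of the variables: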
# %u - username
# %n - user part in user@domain, same as %u if there's no domain
# %d - domain part in user@domain, empty if there's no domain
# %h - home directory
Problem:
Jul 5 09:07:02 mail postfix/error[3017]: 78FD01205AC: to=xxx@qq.com, relay=none, delay=0.17, delays=0.12/0.04/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
Edit /etc/postfix/transport and remove the line: qq.com slow: