ubuntu下安装配置Postfix邮件系统

 

ubuntu下安装配置Postfix邮件系统

1. Introduction（介绍） Postfix is a Mail Transfer Agent (MTA) which is the default MTA for Ubuntu. It is in Ubuntu's main repository, which means that it receives security updates. This guide explains how to install and configure postfix and set it up as an SMTP server using a secure connection. Postfix是一个邮件传输客户端(MTA),它也是ubuntu中默认的邮件传输客户端.它是Ubuntu的main软件库中的一个软件.这意味着它拥有安全更新.这份指南告诉你如何安装及配置postfix并将其设置成一个使用安全连接的SMTP服务器. 2. Installation（安装） In order to install Postfix with SMTP-AUTH and TLS do the following steps: 安装带SMTP-AUTHT和TLSR的Postfix使用如下的命令: apt-get install postfix libsasl2 sasl2-bin libsasl2-modules libdb3-util procmail 3. Configuration（配置） Run: 运行: dpkg-reconfigure postfix Insert the following details when asked (replacing server1.example.com with your domain name if you have one): 当要求提供相关信息时输入如下的信息(如果你拥有一个域名的话,将server1.example.com替换成你自己的域名): Internet Site NONE server1.example.com server1.example.com, localhost.example.com, localhost No 127.0.0.0/8 Yes 0 + all Then run the following commands: 运行下列命令: ### Configure Postfix to do SMTP AUTH using SASL (saslauthd) postconf -e 'smtpd_sasl_local_domain =' postconf -e 'smtpd_sasl_auth_enable = yes' postconf -e 'smtpd_sasl_security_options = noanonymous' postconf -e 'broken_sasl_auth_clients = yes' postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination' postconf -e 'inet_interfaces = all' echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf ### Generate certificates to be used for TLS encryption and/or certificate Authentication mkdir /etc/postfix/ssl cd /etc/postfix/ssl/ openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024 chmod 600 smtpd.key openssl req -new -key smtpd.key -out smtpd.csr openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt openssl rsa -in smtpd.key -out smtpd.key.unencrypted mv -f smtpd.key.unencrypted smtpd.key openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 ### Configure Postfix to do TLS encryption for both incoming and outgoing mail postconf -e 'smtpd_tls_auth_only = no' postconf -e 'smtp_use_tls = yes' postconf -e 'smtpd_use_tls = yes' postconf -e 'smtp_tls_note_starttls_offer = yes' postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key' postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt' postconf -e 'smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem' postconf -e 'smtpd_tls_loglevel = 1' postconf -e 'smtpd_tls_received_header = yes' postconf -e 'smtpd_tls_session_cache_timeout = 3600s' postconf -e 'tls_random_source = dev:/dev/urandom' postconf -e 'myhostname = server1.example.com' The file /etc/postfix/main.cf should now look like this: /etc/postfix/main.cf 这个文件应当是如下的内容: # See /usr/share/postfix/main.cf.dist for a commented, more complete version smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h myhostname = server1.example.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = server1.example.com, localhost.example.com, localhost relayhost = mynetworks = 127.0.0.0/8 mailbox_command = procmail -a "$EXTENSION" mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination smtpd_tls_auth_only = no smtp_use_tls = yes smtpd_use_tls = yes smtp_tls_note_starttls_offer = yes smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom Restart the postfix daemon like this: 重启postfix守护进程: /etc/init.d/postfix restart 4. Authentication（验证） Authentication will be done by saslauthd. 使用saslauthd来执行验证 We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix we have change a couple paths to live in the false root. (ie. /var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd): 我们应当修改一些内容来令saslauthd正常工作.因为Postfix需要将根目录更改为/var/spool/postfix ,我们应当将那些使用不正确根目录的目录更改为正确的.(例如:将/var/run/saslauthd 修改为/var/spool/postfix/var/run/saslauthd): First we edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes and add the PWDIR, PARAMS, and PIDFILE lines: 首先,我们需要编辑/etc/default/saslauthd 以激活 saslauthd . 请将 START=yes 之前的 # 号去掉并添加 PWDIR, PARAMS 和 PIDFILE 行: # This needs to be uncommented before saslauthd will be run automatically START=yes PWDIR="/var/spool/postfix/var/run/saslauthd" PARAMS="-m ${PWDIR}" PIDFILE="${PWDIR}/saslauthd.pid" # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam" Note: If you prefer, you can use "shadow" instead of "pam". This will use MD5 hashed password transfer and is perfectly secure. The username and password needed to authenticate will be those of the users on the system you are using on the server. 注 : 如果你喜欢的话,你可以使用"shadow"来替换"pam" .这将使用MD5生成的哈希值来传输以得到更高的安全性. 需要验证的用户名及密码将是那些你服务器上的系统上的. Next, we update the dpkg "state" of /var/spool/portfix/var/run/saslauthd. The saslauthd init script uses this setting to create the missing directory with the appropriate permissions and ownership: 下一步: 我们更新 dpkg 中 /var/spool/portfix/var/run/saslauthd 的状态. saslauthd 的启动脚本需要一个特定的用户权限来建立一个新的目录. dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd Finally, start saslauthd: 最后,启动saslauthd: /etc/init.d/saslauthd start 5. Testing（测试） To see if SMTP-AUTH and TLS work properly now run the following command: 要查看SMTP-AUTH 及TLS能否正常工作请使用如下命令: telnet localhost 25 After you have established the connection to your postfix mail server type 在您建立了与您的postfix邮件服务器类型的连接之后 ehlo localhost If you see the lines 如果你看到如下行 250-STARTTLS 250-AUTH among others, everything is working. 在其它内容之上,表明一切正常. Type quit to return to the system's shell. 输入 quit 以返回系统. 6、安装Postfix 从下面的URL下载Postfix 2.2.8的源代码：http://www.postfix.org 从下面的URL下载Postfix 2.2.8的VDA补丁程序：http://web.onda.com.br/nadal/ chkconfig --level 2345 sendmail off 增加Postfix运行所需要的用户和组，并建立“/home/mail”目录作为存储邮件的地方： groupadd postfix groupadd postdrop useradd postfix -g postfix -c "Postfix user" -d /nonexistent -s /sbin/nologin mkdir /home/mail chown postfix:postfix /home/mail 安装Postfix： gzip -d postfix-2.2.8-vda.patch.gz tar zvxf postfix-2.2.8.tar.gz cd postfix-2.2.8 patch -p1 < ../postfix-2.2.8-vda.patch make -f Makefile.init makefiles \ OPT='-march=pentium4 -O2 -pipe -fomit-frame-pointer' \ 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -I/usr/include/sasl -DUSE_TLS' \ 'AUXLIBS=-L/usr/lib -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2 -lssl -lcrypto' make make install 注：“make install”命令后的所有问题都直接敲回车键即可。 mv /etc/aliases /etc/aliases.old ln -s /etc/postfix/aliases /etc/aliases echo 'root: admin@example.com'>>/etc/postfix/aliases /usr/bin/newaliases 注：因为Postfix不允许直接发邮件给root用户，所以你需要为root用户建立一个别名。 建立smtpd用户认证的配置文件： vi /usr/lib/sasl2/smtpd.conf pwcheck_method: authdaemond log_level: 3 mech_list: plain login authdaemond_path:/var/spool/authdaemon/socket 使用postconf -n简化main.cf，这样的好处是main.cf比较短小，不容易造成同一个配置出现两次的问题: cd /etc/postfix postconf -n > main2.cf mv main.cf main.cf.old mv main2.cf main.cf 修改Postfix的配置文件，#号之后是说明文字： vi /etc/postfix/main.cf myhostname = mail.example.com # mail.example.com是安装Postfix软件的主机名 mydomain = example.com # example.com是安装Postfix软件的主机名中的域名部分 myorigin = $mydomain mydestination = alias_maps = hash:/etc/aliases home_mailbox = Maildir/ # 使用Maildir作为邮件的存储格式 # Add following line in file's finality virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf virtual_mailbox_base = /home/mail virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf virtual_mailbox_limit = 102400000 virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 502 virtual_uid_maps = static:502 virtual_gid_maps = static:502 virtual_transport = virtual # Additional for quota support virtual_create_maildirsize = yes virtual_mailbox_extended = yes virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_limit_maps.cf virtual_mailbox_limit_override = yes virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later. virtual_overquota_bounce = yes virtual_trash_count=yes virtual_trash_name=.Trash broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl-xbl.spamhaus.org smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_security_options = noanonymous 注：①“virtual_gid_maps”和“virtual_uid_maps”是postfix用户的gid和uid， “virtual_minimum_uid”应当≤“virtual_uid_maps”，“virtual_mailbox_limit”是每个邮箱的 大小。 ②opm.blitzed.org、list.dsbl.org、bl.spamcop.net、sbl-xbl.spamhaus.org是经常使用的 几个反垃圾邮件列表，如果你使用上面的设置可能无法收到sina、sohu、163等几个国内主要ISP的邮件。你也可以使用中国反垃圾邮件联盟的反垃圾 邮件列表，这样你就能收到国内几个主要ISP的邮件，同时一些垃圾邮件也可能光临你的邮件服务器^_^。 ③Postfix使用MySQL存储用户信息的配置文件已经包含在extman的发行包中，等安装extman的时候copy到/etc/postfix目录下即可。 设置Postfix开机自动运行，在/etc/rc.local中增加“/usr/sbin/postfix start&”。 注：①系统已经打开了Postfix的TLS支持，如果你需要这项功能可以参考Postfix发行包中的TLS_README文档进行配置。 ②你可以使用一个叫pflogsumm.pl的perl脚本对postfix的日志进行分析，详细的情况见：http://jimsun.linxnet.com/postfix_contrib.html。 7. Installing courier IMAP and POP3 sudo apt-get install courier-pop sudo apt-get install courier-imap