1. Install postfix
yum -y install postfix
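2. Install opendkim:
DKIM (DomainKeys Identified Mail) is a method, deployed on the server, of digitally signing and verifying e-mail with a public/private key pair. With DKIM enabled, the origin of mail sent by the server can be positively confirmed, which prevents others from forging your domain name to send e-mail. It can also reduce how often the mail you send is classified as spam.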
yum -y install opendkim
3. Install sasldb and saslauthd (they provide the virtual accounts and password service for SMTP)
yum -y install cyrus-sasl*
4. Configure postfix
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail02.be**.cn
mydomain = be***.cn
myorigin = $mydomain
inet_interfaces = 10.9.114.6, localhost
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = /etc/postfix/network_table
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = Mail02 Gateway ESMTP
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
anvil_rate_time_unit = 60s
smtpd_client_message_rate_limit = 100
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
# ll
total 212
-rw-r--r-- 1 root root 19579 Sep 18 13:20 access
-rw-r--r-- 1 root root 12288 Sep 18 13:20 access.db
drwxr-xr-x 2 root root  4096 Sep 18 13:26 bak
-rw-r--r-- 1 root root 11681 Sep 18 13:20 canonical
-rw-r--r-- 1 root root  1432 Sep 18 13:20 cert.pem
-rw-r--r-- 1 root root  9904 Sep 18 13:20 generic
-rw-r--r-- 1 root root 18310 Sep 18 13:20 header_checks
-rw-r--r-- 1 root root  1704 Sep 18 13:20 key.pem
-rw-r--r-- 1 root root 28078 Sep 18 13:26 main.cf
-rw-r--r-- 1 root root 27009 Sep 18 13:20 main.cf_bak
-rw-r--r-- 1 root root  5213 Sep 18 13:20 master.cf
-rw-r--r-- 1 root root    25 Sep 18 13:20 network_table
-rw-r--r-- 1 root root    38 Sep 18 13:20 recipient_access
-rw-r--r-- 1 root root 12288 Sep 18 13:20 recipient_access.db
-rw-r--r-- 1 root root  6816 Sep 18 13:20 relocated
-rw-r--r-- 1 root root 12500 Sep 18 13:20 transport
-rw-r--r-- 1 root root 12494 Sep 18 13:20 virtual
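The listing above shows key.pem with mode -rw-r--r--, which lets every local account read the TLS private key named in smtpd_tls_key_file. The following is an added example, not part of the original post: it lists private-key files whose mode grants anything to group or other. The function name and the file-name patterns (key.pem, *.private) are assumptions taken from the paths used on this page.

```sh
# Added example. Print private-key files under the given directories whose
# mode grants any permission to group or other. Prints nothing when all are tight.
loose_private_keys() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # key.pem: Postfix TLS key from main.cf; *.private: opendkim-genkey output
        find "$dir" -type f \( -name 'key.pem' -o -name '*.private' \) |
        while IFS= read -r f; do
            mode=$(ls -ld "$f" | cut -c1-10)
            # characters 5-10 of the mode string are the group and other bits
            grp_oth=$(printf '%s' "$mode" | cut -c5-10)
            [ "$grp_oth" = "------" ] || printf '%s %s\n' "$mode" "$f"
        done
    done
}

# Constructed demo directory that reproduces the modes seen in the listing.
demo=$(mktemp -d)
: > "$demo/key.pem";         chmod 644 "$demo/key.pem"
: > "$demo/cert.pem";        chmod 644 "$demo/cert.pem"        # public, not reported
: > "$demo/default.private"; chmod 600 "$demo/default.private"

echo "before:"; loose_private_keys "$demo"     # reports key.pem only
chmod 600 "$demo/key.pem"                      # the fix: owner-only access
echo "after:";  loose_private_keys "$demo"     # reports nothing

# On the server itself:
#   loose_private_keys /etc/postfix /etc/opendkim/keys
#   chmod 600 /etc/postfix/key.pem
```

The DKIM private key must stay readable by the account opendkim runs as (UserID opendkim:opendkim in the configuration on this page), so tighten its mode rather than changing its owner to root.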
5. Configure opendkim.conf
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
SendReports yes
SoftwareHeader yes
Canonicalization relaxed/relaxed
Selector default
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
OversignHeaders From
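6. opendkim key configuration:
When I installed it, I copied the keys directly from the old mail server to the new mail server. To create them, you can refer to the following document: https://cnzhx.net/blog/implementation-of-dkim-on-centos-7/
Use the commands below to create the public and private keys under the /etc/opendkim/keys directory. (Adjust the path, host and domain name to your own situation.)
# mkdir /etc/opendkim/keys/cnzhx.net
# opendkim-genkey -D /etc/opendkim/keys/cnzhx.net/ -d cnzhx.net mail.cnzhx.net -s cnzhx
Here -d specifies the domain names that will use this key; there can be more than one, such as cnzhx.net and mail.cnzhx.net above. -s cnzhx is the selector for the public/private key files the command generates (the file name, which is really just a label); the default (that is, when -s cnzhx is not used) is default. See the command's documentation for details. Normally the selector does not need to be specified, but if several domains each use a different public and private key, they must be given different selectors. This string will be included in the DKIM signature.
Among the generated files, default.private (here cnzhx.private) is the private key for the domain; the text in default.txt (here cnzhx.txt) is the public key. The public key is published on the Internet through a TXT record in the domain name system.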
7. Edit the /etc/sasl2/smtp.conf file, comment out the other settings, and add the following settings
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login
8. Install mailx (used to send test mail)
yum -y install mailx
9. Create a mailbox account
saslpasswd2 -c -u `postconf -h mydomain` report
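This creates the report mailbox account and sets its password.
10. Configure the MX record and TXT records at DNSPOD
TXT configuration:
Host record:
s20160805._domainkey
Record value: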
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsHany1ThlPQAv0rLrkx3VW88k8joNb4r3n/YtF5lnt8SNJL7iLUDNLsv7nKVySozedYNNZMPD6dTs+DjQ7vXVijw3x4a5LxctuugN3FyawIKkkJK2ZGRcISq384KjgBAvtYqXxdnHtEhP8aIt9Vxdm5yQ1pcsJajw1+1vuOjt3QIDAQAB
The value after p= here is the domain_key value from the txt file created on the server.
Host record: @
Record value:
v=spf1 a mx -all
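opendkim-genkey writes the public key to the .txt file as several quoted chunks in zone-file syntax, while the DNS record needs one joined value. The following is an added example, not part of the original post: it joins the chunks and checks that the published record carries the same p= key as the file on the server. The function names and the sample key are constructed placeholders.

```sh
# Added example. Reads a TXT record on stdin and prints the single string a
# resolver serves: the quoted chunks joined, or the text itself if unquoted.
dkim_txt_value() {
    rec=$(cat)
    case $rec in
        *'"'*) printf '%s\n' "$rec" | grep -o '"[^"]*"' | tr -d '"\n' ;;
        *)     printf '%s' "$rec" | tr -d '\n' ;;
    esac
}

# Print only the base64 public key (the p= tag) with all whitespace removed.
dkim_pubkey() {
    dkim_txt_value | tr ';' '\n' | sed -n 's/^[[:space:]]*p=//p' | tr -d '[:space:]'
}

# $1 = <selector>.txt written by opendkim-genkey, $2 = TXT record as published.
# Succeeds only if both carry the same, non-empty public key.
dkim_key_published() {
    on_disk=$(dkim_pubkey < "$1")
    in_dns=$(printf '%s\n' "$2" | dkim_pubkey)
    [ -n "$on_disk" ] && [ "$on_disk" = "$in_dns" ]
}

# Constructed sample in opendkim-genkey's layout; the key is a placeholder.
sample_txt=$(mktemp)
cat > "$sample_txt" <<'EOF'
default._domainkey IN TXT ( "v=DKIM1; k=rsa; "
      "p=AAAA1111"
      "BBBB2222" )  ; ----- DKIM key default for example.com
EOF

dkim_txt_value < "$sample_txt"; echo      # value to paste into the DNS record
# On a live host, pass "$(dig +short TXT <selector>._domainkey.<domain>)" instead.
if dkim_key_published "$sample_txt" '"v=DKIM1; k=rsa; p=AAAA1111" "BBBB2222"'; then
    echo "published key matches key on disk"
else
    echo "MISMATCH: receivers will fail DKIM verification"
fi
```

The host record queried must use the same selector that opendkim puts in the s= tag of its signatures, otherwise receivers look up a record that does not exist.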
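11. Send a test mail
Edit the /etc/mail.rc file and append the following settings
set bsdcompat
set from=report<report@beyondh.cn> # sender address
set smtp=mail02.be***.cn # mail server address
set smtp-auth-user=report@be***.cn # mailbox account used to log in
set smtp-auth-password=****** # mailbox account password
set smtp-auth=login # login authentication is required
Command to send the mail: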
echo hello word | mailx -v -s " title" 451345***@qq.com
References:
http://blog.jjonline.cn/linux/185.html
https://cnzhx.net/blog/implementation-of-dkim-on-centos-7/
http://www.jianshu.com/p/5dd7ab8edd14
Reposted from: https://blog.51cto.com/zengestudy/1966415