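1. Install postfix
yum -y install postfix
2. Install opendkim:
DKIM (DomainKeys Identified Mail) is a method deployed on the server that uses a public and private key pair to digitally sign and verify email. With DKIM enabled, the origin of mail sent by the server can be reliably confirmed, which prevents others from forging your domain name to send email. It can also reduce the chance that your mail is classified as spam.
yum -y install opendkim
3. Install sasldb and saslauthd (they provide the virtual account and password service for SMTP)
yum -y install cyrus-sasl*
4. Configure postfix
queue_directory = /var/spool/postfix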
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = mail02.be**.cn
mydomain = be***.cn
myorigin = $mydomain
inet_interfaces = 10.9.114.6, localhost
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = /etc/postfix/network_table
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtpd_banner = Mail02 Gateway ESMTP
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.6.6/samples
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_authenticated_header = yes
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/recipient_access,permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_client_restrictions = check_client_access hash:/etc/postfix/access
disable_vrfy_command = yes
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtp_tls_security_level = may
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
anvil_rate_time_unit = 60s
smtpd_client_message_rate_limit = 100
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
# ll
total 212
-rw-r--r-- 1 root root 19579 Sep 18 13:20 access
-rw-r--r-- 1 root root 12288 Sep 18 13:20 access.db
drwxr-xr-x 2 root root 4096 Sep 18 13:26 bak
-rw-r--r-- 1 root root 11681 Sep 18 13:20 canonical
-rw-r--r-- 1 root root 1432 Sep 18 13:20 cert.pem
-rw-r--r-- 1 root root 9904 Sep 18 13:20 generic
-rw-r--r-- 1 root root 18310 Sep 18 13:20 header_checks
-rw-r--r-- 1 root root 1704 Sep 18 13:20 key.pem
-rw-r--r-- 1 root root 28078 Sep 18 13:26 main.cf
-rw-r--r-- 1 root root 27009 Sep 18 13:20 main.cf_bak
-rw-r--r-- 1 root root 5213 Sep 18 13:20 master.cf
-rw-r--r-- 1 root root 25 Sep 18 13:20 network_table
-rw-r--r-- 1 root root 38 Sep 18 13:20 recipient_access
-rw-r--r-- 1 root root 12288 Sep 18 13:20 recipient_access.db
-rw-r--r-- 1 root root 6816 Sep 18 13:20 relocated
-rw-r--r-- 1 root root 12500 Sep 18 13:20 transport
-rw-r--r-- 1 root root 12494 Sep 18 13:20 virtual
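The following check is an added example, not part of the original post: it reads the SASL and TLS settings from step 4 together with the `ll` rows for the TLS files and reports two things an operator would want to review. The function names and the trimmed inputs are constructed for illustration.

```python
# Constructed input: the relevant main.cf lines from step 4 and the two
# `ll` rows for the TLS files, as shown in the listing above.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/postfix/key.pem
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
"""
LISTING = """\
-rw-r--r-- 1 root root 1432 Sep 18 13:20 cert.pem
-rw-r--r-- 1 root root 1704 Sep 18 13:20 key.pem
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace
    continues the previous parameter, as Postfix reads main.cf."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        else:
            name, _, value = line.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params

def audit(main_cf, listing):
    """Return a list of findings for the SASL/TLS part of the setup."""
    p = parse_main_cf(main_cf)
    findings = []
    sasl = p.get("smtpd_sasl_auth_enable") == "yes"
    tls_required = p.get("smtpd_tls_security_level") == "encrypt"
    auth_only = p.get("smtpd_tls_auth_only") == "yes"
    if sasl and not (tls_required or auth_only):
        # "may" keeps TLS optional, so PLAIN/LOGIN can cross the wire unencrypted
        findings.append("AUTH offered without TLS: set smtpd_tls_auth_only = yes")
    key_name = p.get("smtpd_tls_key_file", "").rsplit("/", 1)[-1]
    for row in listing.splitlines():
        fields = row.split()
        # mode string index 7 is the "other" read bit
        if fields and fields[-1] == key_name and fields[0][7] == "r":
            findings.append(f"{key_name} is world-readable ({fields[0]}): chmod 600")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(MAIN_CF, LISTING)))
```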
5. Configure opendkim.conf
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002
SendReports yes
SoftwareHeader yes
Canonicalization relaxed/relaxed
Selector default
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
OversignHeaders From
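6. opendkim key configuration:
Use the commands below to create the public and private keys under /etc/opendkim/keys. (Adjust the path, host and domain name to your own setup.)
# mkdir /etc/opendkim/keys/cnzhx.net
# opendkim-genkey -D /etc/opendkim/keys/cnzhx.net/ -d cnzhx.net mail.cnzhx.net -s cnzhx
Here -d specifies the domain names that will use this key; there can be more than one, such as cnzhx.net and mail.cnzhx.net above. -s cnzhx is the selector for the generated public/private key files (it is the file name, and really just a label); the default (when -s cnzhx is not given) is default. See the command's documentation for details. Normally you do not need to specify a selector, but if several domains each use a different public and private key, you must give them different selectors. This string is included in the DKIM signature.
Among the generated files, default.private (here cnzhx.private) is the private key for the domain; the text in default.txt (here cnzhx.txt) is the public key. The public key is published through a DNS TXT record.
7. Edit /etc/sasl2/smtp.conf, comment out the other settings, and add the following
pwcheck_method: auxprop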
auxprop_plugin: sasldb
mech_list: plain login
8. Install mailx (used to send the test mail)
yum -y install mailx
9. Create a mailbox account
saslpasswd2 -c -u `postconf -h mydomain` report
This creates the report mailbox account and sets its password.
10. Configure the MX record and TXT records in DNSPOD
TXT configuration:
Host record: s20160805._domainkey
Record value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsHany1ThlPQAv0rLrkx3VW88k8joNb4r3n/YtF5lnt8SNJL7iLUDNLsv7nKVySozedYNNZMPD6dTs+DjQ7vXVijw3x4a5LxctuugN3FyawIKkkJK2ZGRcISq384KjgBAvtYqXxdnHtEhP8aIt9Vxdm5yQ1pcsJajw1+1vuOjt3QIDAQAB
The value after p= is the domain key value from the txt file generated on the server.
Host record: @
Record value: v=spf1 a mx -all
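Steps 6 and 10 come down to copying the key from the generated .txt file into a single-line TXT value. The script below is an added example, not part of the original post: it joins the quoted strings of such a file, parses the DKIM tags, and reads the RSA modulus size out of the p= value. The function names and the file layout are constructed; the key is the record value shown above.

```python
import base64
import re

# Constructed sample of an opendkim-genkey .txt file: the p= value is the one
# published in step 10; the selector line and the string split are assumed.
SAMPLE_TXT = '''s20160805._domainkey IN TXT ( "v=DKIM1; k=rsa; "
  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCsHany1ThlPQAv0rLrkx3VW88k8joNb4r3n/YtF5lnt8SNJL7iLUDNLsv7nKVySozedYNNZMPD6dTs+DjQ7vXVijw3x4a5LxctuugN3FyawIKkkJK2ZGRcISq384KjgBAvtYqXxdnHtEhP8aIt9Vxdm5yQ1pcsJajw1+1vuOjt3QIDAQAB" ) ; ----- DKIM key s20160805 for example.com
'''

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = length-byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Walk SubjectPublicKeyInfo -> BIT STRING -> RSAPublicKey -> modulus."""
    _, spki, _ = read_tlv(der, 0)           # outer SEQUENCE
    _, _, pos = read_tlv(spki, 0)           # AlgorithmIdentifier, skipped
    tag, bitstr, _ = read_tlv(spki, pos)
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsakey, _ = read_tlv(bitstr, 1)      # skip the unused-bits byte
    tag, modulus, _ = read_tlv(rsakey, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(modulus, "big").bit_length()

def flatten_genkey_txt(text):
    """Return (host_record, record_value) as entered in a DNS provider form."""
    host = text.split()[0]
    value = "".join(re.findall(r'"([^"]*)"', text))  # TXT strings concatenate as-is
    return host, value

def check_dkim_record(value):
    """Return (rsa_bits, findings) for a flattened DKIM key record."""
    pairs = (t.split("=", 1) for t in value.split(";") if "=" in t)
    tags = {k.strip(): v.strip() for k, v in pairs}
    if tags.get("v") != "DKIM1" or tags.get("k", "rsa") != "rsa":
        raise ValueError("not an RSA DKIM1 key record")
    bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    findings = []
    if bits < 2048:
        findings.append(f"{bits}-bit RSA key: RFC 8301 recommends at least 2048")
    return bits, findings

if __name__ == "__main__":
    host, value = flatten_genkey_txt(SAMPLE_TXT)
    print(host, check_dkim_record(value))
```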
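11. Send a test mail
Edit /etc/mail.rc and append the following settings
set bsdcompat
set from=report # sender address
set smtp=mail02.be***.cn # mail server address
set smtp-auth-user=report@be***.cn # mailbox login account
set smtp-auth-password=****** # mailbox account password
set smtp-auth=login # login authentication required
Command to send the mail:
echo hello word | mailx -v -s " title" 451345***@qq.com
Reference: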
http://blog.jjonline.cn/linux/185.html