Install and Configure Postfix and Dovecot to Build a Complete Mail Service

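Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Timo Sirainen started Dovecot and first released it in July 2002. The Dovecot developers aim primarily to produce a lightweight, fast, and easy-to-set-up open-source mail server.

In this article, we will show you how to install and configure Postfix and Dovecot, the two main components of our mail system.

Postfix is an open-source mail transfer agent (MTA), a service used for sending and receiving email. Dovecot is an IMAP/POP3 server, and in our setup it will also handle local delivery and user authentication.

This tutorial was written for Ubuntu 16.04, but the same steps, with minor modifications, should work on any newer version of Ubuntu.

Prerequisites

Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges.

Installing Postfix and Dovecot

The Dovecot package in Ubuntu's default repositories is outdated. To be able to use the imap_sieve module, we will install Dovecot from the Dovecot community repository.

Use the following wget command to add the repository GPG key to the apt sources keyring:

wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -

Enable the Dovecot community repository with the following command:

echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
sudo apt update
sudo debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
sudo debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
sudo apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql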

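Postfix Configuration

We will set up Postfix to use virtual mailboxes and domains.

Start by creating the SQL configuration files that tell Postfix how to access the MySQL database created by Postfix Admin.

sudo mkdir -p /etc/postfix/sql

Open your text editor and create the following files: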

/etc/postfix/sql/mysql_virtual_domains_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_mailbox_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
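
One way to check that the map files above, which hold the database password in clear text, are not readable by every local user (an added example, not part of the original tutorial). The root:postfix ownership with mode 0640 is an assumption based on common Postfix practice, and the demo runs on a constructed file in a scratch directory rather than /etc/postfix/sql:

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit and tighten the
# permissions of Postfix SQL map files that embed the database password.

# audit_map_perms DIR
# Print every *.cf file in DIR that has a "password =" line and whose mode
# grants any access to "other"; return 1 if at least one such file exists.
audit_map_perms() {
    found=0
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        mode=$(stat -c '%a' "$f")        # GNU stat: octal mode, e.g. 644
        other=${mode#"${mode%?}"}        # last octal digit = "other" bits
        if [ "$other" != 0 ]; then
            echo "$f: mode $mode exposes the DB password to local users"
            found=1
        fi
    done
    return "$found"
}

# lock_map_perms DIR [GROUP]
# Set mode 0640 on every *.cf file; with GROUP (assumed "postfix" on a real
# server, run as root) also hand the file to root:GROUP.
lock_map_perms() {
    for f in "$1"/*.cf; do
        [ -f "$f" ] || continue
        if [ -n "${2:-}" ]; then chown "root:$2" "$f"; fi
        chmod 0640 "$f"
    done
}

# Constructed demo in a scratch directory; the tutorial's real directory
# is /etc/postfix/sql.
demo=$(mktemp -d)
printf 'user = postfixadmin\npassword = CONSTRUCTED\n' \
    > "$demo/mysql_virtual_domains_maps.cf"
chmod 0644 "$demo/mysql_virtual_domains_maps.cf"
audit_map_perms "$demo" || echo "-> needs lock_map_perms"
lock_map_perms "$demo"
audit_map_perms "$demo" && echo "-> all map files are private"
rm -rf "$demo"
```

On the server, the equivalent call is `lock_map_perms /etc/postfix/sql postfix`, run as root.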

After creating the SQL configuration files, update the main Postfix configuration file to include information about the virtual domains, users, and aliases stored in the MySQL database.

sudo postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
sudo postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
sudo postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"

The postconf command displays the actual values of configuration parameters, changes configuration parameter values, or displays other configuration information about the Postfix mail system.

The local delivery agent delivers incoming email to users' mailboxes. Run the following command to set Dovecot's LMTP service as the default mail transport:

sudo postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Set the TLS parameters using the previously generated Let's Encrypt SSL certificate:

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.myfreax.com/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.myfreax.com/privkey.pem'

Configure the authenticated SMTP settings and hand authentication off to Dovecot:

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

We also need to edit the Postfix master configuration file master.cf and enable the submission port (587) and the smtps port (465).

Open the file with a text editor and uncomment/edit the following lines:

/etc/postfix/master.cf

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Restart the Postfix service for the changes to take effect.

sudo systemctl restart postfix

At this point you have successfully configured the Postfix service.
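
A check that the submission and smtps entries in master.cf really carry the TLS and authentication overrides, as an added example that is not part of the original tutorial. The function names and the sample file are constructed, and the parser only handles the `-o name=value` form used here:

```sh
# Added example (not the tutorial's code): check submission/smtps overrides.

# master_opts FILE SERVICE: print the "-o name=value" overrides of SERVICE.
# Follows master.cf syntax: blank and "#" lines are ignored, and a line that
# starts with whitespace continues the previous logical line.
master_opts() {
    awk -v svc="$2" '
        /^[ \t]*(#|$)/ { next }
        /^[^ \t]/      { cur = $1 }    # first field = service name
        cur == svc {
            for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
        }' "$1"
}

# check_submission FILE: return 0 only if both services force TLS and
# SASL-authenticated clients; print each missing override otherwise.
check_submission() {
    rc=0
    while read -r svc opt; do
        master_opts "$1" "$svc" | grep -Fxq -- "$opt" ||
            { echo "MISSING: $svc -o $opt"; rc=1; }
    done << 'EOF'
submission smtpd_tls_security_level=encrypt
submission smtpd_sasl_auth_enable=yes
submission smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps smtpd_tls_wrappermode=yes
smtps smtpd_sasl_auth_enable=yes
smtps smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
    return "$rc"
}

# Constructed sample: the last "-o" line lost its indentation, so it starts
# a new logical line and no longer belongs to the smtps service.
tmp=$(mktemp)
cat > "$tmp" << 'EOF'
submission inet n - y - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_auth_enable=yes
EOF
check_submission "$tmp" || echo "-> master.cf needs fixing"
rm -f "$tmp"
```

On the server, `postconf -P` prints the per-service overrides as Postfix itself parses them.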

Configuring Dovecot

In this section, we will configure Dovecot to match our setup.

First, configure the dovecot-sql.conf.ext file, which tells Dovecot how to access the database and how to look up information about email accounts.

/etc/dovecot/dovecot-sql.conf.ext

driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
default_pass_scheme = MD5-CRYPT
iterate_query = SELECT username AS user FROM mailbox
user_query = SELECT CONCAT('/var/mail/vmail/',maildir) AS home, \
  CONCAT('maildir:/var/mail/vmail/',maildir) AS mail, \
  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=',quota) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = 1
password_query = SELECT username AS user,password FROM mailbox \
  WHERE username = '%u' AND active='1'

Don't forget to use the correct MySQL credentials (database, user, and password).

Next, edit the conf.d/10-mail.conf file and change the following variables:

/etc/dovecot/conf.d/10-mail.conf

...
mail_location = maildir:/var/mail/vmail/%d/%n
...
mail_uid = vmail
mail_gid = vmail
...
first_valid_uid = 5000
last_valid_uid = 5000
...
mail_privileged_group = vmail
...
mail_plugins = quota
...

To make authentication work, open conf.d/10-auth.conf, edit the following lines, and include the auth-sql.conf.ext file:

/etc/dovecot/conf.d/10-auth.conf

...
disable_plaintext_auth = yes
...
auth_mechanisms = plain login
...
#!include auth-system.conf.ext
!include auth-sql.conf.ext
...

Open the conf.d/10-master.conf file and modify it as follows:

/etc/dovecot/conf.d/10-master.conf

...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
...
}
...
service auth {
  ...
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  ...
}
...
service auth-worker {
  user = vmail
}
...
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
...
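
To review which Dovecot sockets other local accounts can reach, the following added example (not part of the original tutorial) lists every unix_listener with its mode and owner and flags modes that grant access to "other". The function names and the sample file are constructed:

```sh
# Added example (not the tutorial's code): list the unix_listener sockets
# declared in a Dovecot config file and flag world-accessible modes.

# list_listeners FILE
# Print "service listener mode user group" per unix_listener block;
# "-" means the setting is absent from the block.
list_listeners() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "service" && $NF == "{"       { svc = $2; next }
        $1 == "unix_listener" && $NF == "{" {
            ul = $2; mode = user = group = "-"; next
        }
        ul != "" && $2 == "=" {
            if ($1 == "mode")  mode  = $3
            if ($1 == "user")  user  = $3
            if ($1 == "group") group = $3
        }
        ul != "" && $1 == "}" { print svc, ul, mode, user, group; ul = "" }
    ' "$1"
}

# world_accessible FILE
# Print "listener mode" for sockets whose last mode digit is non-zero,
# i.e. the socket file itself grants some access to every local user.
world_accessible() {
    list_listeners "$1" | awk '$3 ~ /[1-7]$/ { print $2, $3 }'
}

# Constructed sample mirroring the auth listener blocks of this tutorial.
sample=$(mktemp)
cat > "$sample" << 'EOF'
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
EOF
list_listeners "$sample"
world_accessible "$sample"
rm -f "$sample"
```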

Open conf.d/10-ssl.conf and enable SSL/TLS.

/etc/dovecot/conf.d/10-ssl.conf

...
ssl = yes
...
ssl_cert = </etc/letsencrypt/live/mail.myfreax.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.myfreax.com/privkey.pem
ssl_dh = </etc/ssl/certs/dhparam.pem
...
ssl_cipher_list = EECDH+AES:EDH+AES+aRSA
...
ssl_prefer_server_ciphers = yes
...

Make sure to use the correct paths to the SSL certificate files. If you have already configured Postfix, you should already have the fullchain.pem, privkey.pem, and dhparam.pem files on your server. For more information on how to create a free Let's Encrypt SSL certificate and Diffie-Hellman key, see this tutorial.

Open the conf.d/20-imap.conf file and activate the imap_quota plugin:

/etc/dovecot/conf.d/20-imap.conf

...
protocol imap {
  ...
  mail_plugins = $mail_plugins imap_quota
  ...
}
...

Open the conf.d/20-lmtp.conf file and edit it as follows:

/etc/dovecot/conf.d/20-lmtp.conf

...
protocol lmtp {
  postmaster_address = [email protected]
  mail_plugins = $mail_plugins
}
...

Define the default mailboxes in the conf.d/15-mailboxes.conf file:

/etc/dovecot/conf.d/15-mailboxes.conf

...
mailbox Drafts {
  special_use = \Drafts
}
mailbox Spam {
  special_use = \Junk
  auto = subscribe
}
mailbox Junk {
  special_use = \Junk
}
...

There are two different types of quota sizes: one set for the whole domain and one set per user mailbox. In the previous part of this series, we enabled quota support in PostfixAdmin, which means the quota information is stored in the PostfixAdmin database.

Now we need to configure Dovecot to connect to the database, handle quota limits, and run a script that sends mail to the user when the user's quota exceeds the specified limit. To do this, open the conf.d/90-quota.conf file and modify it as follows:

/etc/dovecot/conf.d/90-quota.conf

plugin {
  quota = dict:User quota::proxy::sqlquota
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
  quota_exceeded_message = Quota exceeded, please contact your system administrator.
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}

We also need to tell Dovecot how to access the SQL quota dictionary. Open the dovecot-dict-sql.conf.ext file and edit the following lines:

/etc/dovecot/dovecot-dict-sql.conf.ext

...
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
...
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
...
# map {
#   pattern = shared/expire/$user/$mailbox
#   table = expires
#   value_field = expire_stamp
#
#   fields {
#     username = $user
#     mailbox = $mailbox
#   }
# }
...

Make sure to use the correct MySQL credentials (database, user, and password).

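Create the following shell script, which sends an email to the user if their quota exceeds the specified limit:

/usr/local/bin/quota-warning.sh

#!/bin/sh
# Arguments are supplied by the quota_warning rules in 90-quota.conf.
PERCENT=$1
USER=$2
# Deliver the warning through dovecot-lda with quota enforcement disabled
# (noenforcing), so the message is accepted even when the mailbox is full.
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=dict:User quota::noenforcing:proxy::sqlquota"
From: [email protected]
Subject: Quota warning

Your mailbox is now $PERCENT% full.
EOF

Make the script executable by running the following command:

sudo chmod +x /usr/local/bin/quota-warning.sh

Finally, restart the Dovecot service for the changes to take effect.

sudo systemctl restart dovecot

At this point you should have a fully functional mail system. In the next article, we will configure and integrate the Rspamd mail filter.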
