记录配置 PostFix 邮件服务器过程,由于经常用到,会不定时更新完善
首先配置域名,这个比较简单,我们把这部分工作放到前来,需要配置的域名记录有2个:
A记录,spf记录和mx记录:
1. 新增A记录: mail.xxx.com 到你的服务器 2. 新增MX记录: @(空头)到你 刚才配置的 A记录:mail.xxx.com 3. 新增TXT记录:@(空头)固定值:"v=spf1 a mx ~all"SFP介绍:
就是Sender Policy Framework。SPF可以防止别人伪造你来发邮件,是一个反伪造性邮件的解决方案。当你定义了你的domain name的SPF记录之后,接收邮件方会根据你的SPF记录来确定连接过来的IP地址是否被包含在SPF记录里面,如果在,则认为是一封正确的邮件,否则则认为是一封伪造的邮件。关于更详细的信息请参考RFC4408(http://www.ietf.org/rfc/rfc4408.txt) 一般配置成:“v=spf1 a mx ~all”
下面安装必要软件,用yum安装即可
yum install -y postfix dovecot dovecot-mysql cyrus-sasl-plain cyrus-sasl mailx安装完,开始配置环节
# 设置hostname hostnamectl set-hostname mail.i7do.com cat /etc/hostname vim /etc/hosts //添加下面一行 127.0.0.1 mail.i7do.cn # 检查配置文件 postconf -a postfix check systemctl restart postfix.service systemctl enable postfix.service systemctl restart dovecot vim /etc/dovecot/conf.d/10-auth.conf cp /usr/share/doc/dovecot-2.2.36/example-config/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext vim /etc/dovecot/dovecot-sql.conf.ext修改 main.cf
#修改以下配置 myhostname = mail.i7do.com //邮件服务器的主机名 mydomain = i7do.com //邮件域 myorigin = $mydomain //往外发邮件的邮件域 inet_interfaces = all //监听的网卡 inet_protocols = all mydestination = $myhostname, $mydomain //服务的对象 home_mailbox = Maildir/ //邮件存放的目录 # 规定邮件最大尺寸为10M message_size_limit = 10485760 # 规定收件箱最大容量为1G mailbox_size_limit = 1073741824 # SMTP认证 smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous mynetworks = 127.0.0.0/8 smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination # SSL 加密 smtpd_use_tls = yes smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt smtpd_tls_key_file = /etc/pki/tls/certs/server.key smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache smtp_tls_CApath = /etc/ssl/certs smtpd_tls_CApath = /etc/ssl/certs smtp_tls_security_level = may smtpd_relay_restrictions = permit_myNetworks,permit_sasl_authenticated,defer_unauth_destination创建证书:
cat /etc/dovecot/dovecot.pem cd /etc/pki/tls/misc ./CA -newca openssl req -new -nodes -keyout mailkey.pem -out mailreg.pem -days 365 rm -f /etc/pki/CA/index.txt touch /etc/pki/CA/index.txt openssl ca -out mail_signed_cert.pem -infiles mailreg.pem vim /etc/pki/tls/openssl.cnf openssl genrsa -des3 -out server.key 2048 openssl req -new -key server.key -out server.csr openssl rsa -in server.key -out server.key openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt openssl x509 -in server.crt -out server.pem -outform PEM修改端口:
vim /etc/postfix/master.cf 打开 smtp smtps创建用户:
useradd fan -s /sbin/nologin echo '123123' | passwd --stdin fan 检查进程是否启动: netstat -anpt | grep dovecot netstat -anpt | grep postfix netstat -anpt | grep smtp netstat -anpt | grep master 测试发送邮件: yum -y install mailx echo '这是测试' | mail -s '你好,164' islacker@qq.com配置mysql
vim /etc/dovecot/dovecot.conf vim /etc/dovecot/conf.d/10-auth.conf ##认证配置文件 打开 include auth-sql.conf.ext出错:
Jul 4 17:54:18 mail dovecot: pop3-login: Login: user=<wx_app_shop@xxx.com>, method=PLAIN, rip=61.151.182.11, lip=139.129.213.170, mpid=30164, TLS, session=<ZyTmn5qponU9l7YL> Jul 4 17:54:18 mail dovecot: pop3(wx_app_shop@xxx.com): Error: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir Jul 4 17:54:18 mail dovecot: pop3(wx_app_shop@i7do.com): Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir top=0/0, retr=0/0, del=0/0, size=0修改:
vim /etc/dovecot/dovecot.conf # 找到下面这行,注释掉,MySQL 版本不需要固定 #mail_location = maildir:~/Maildir 修改为 mail_location = maildir:/home/vmail/%u/Maildir 变量的意义: # %u - username # %n - user part in user@domain, same as %u if there's no domain # %d - domain part in user@domain, empty if there's no domain # %h - home directory问题:
Jul 5 09:07:02 mail postfix/error[3017]: 78FD01205AC: to=xxx@qq.com, relay=none, delay=0.17, delays=0.12/0.04/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
修改/etc/postfix/transport,清空 qq.com slow: 这一行
