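This is the second post in our Setting up and configuring a mail server series. In this post, we will show you how to install and configure Postfix and Dovecot, the two main components of our mail system.
Postfix is an open-source mail transfer agent (MTA), a service used to send and receive email. Dovecot is an IMAP/POP3 server, and in our setup it will also handle local delivery and user authentication.
This tutorial is written for Ubuntu 16.04, but the same steps with small modifications should work on any newer version of Ubuntu.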
Prerequisites
Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges.
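Installing Postfix and Dovecot
The Dovecot packages in the default Ubuntu repositories are outdated. To take advantage of the imap_sieve module, we will install Dovecot from the Dovecot community repository.
Add the repository GPG key to your apt sources keyring using the following wget command: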
wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -
Enable the Dovecot community repository using the following command:
echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
sudo apt update
sudo debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
sudo debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
sudo apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql
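Postfix Configuration
We will set up Postfix to use virtual mailboxes and domains.
Start by creating the sql configuration files that tell Postfix how to access the MySQL database created in the first part of this series.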
sudo mkdir -p /etc/postfix/sql
Open your text editor and create the following files:
/etc/postfix/sql/mysql_virtual_domains_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
/etc/postfix/sql/mysql_virtual_alias_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
/etc/postfix/sql/mysql_virtual_mailbox_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
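Once the SQL configuration files are created, update the main Postfix configuration file to include information about the virtual domains, users and aliases stored in the MySQL database.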
sudo postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
sudo postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
sudo postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"
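The postconf command displays the actual values of configuration parameters, changes configuration parameter values, or displays other configuration information about the Postfix mail system.
The local delivery agent delivers incoming email to the users' mailboxes. Run the following command to set Dovecot's LMTP service as the default mail delivery transport: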
sudo postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"
Set the TLS parameters using the previously generated Let's Encrypt SSL certificate:
sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.linuxize.com/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.linuxize.com/privkey.pem'
Configure the authenticated SMTP settings and hand off authentication to Dovecot:
sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
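We also need to edit the Postfix master configuration file master.cf and enable the submission port (587) and the smtps port (465).
Open the file with your text editor and uncomment/edit the following lines: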
/etc/postfix/master.cf
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
Restart the postfix service for the changes to take effect.
sudo systemctl restart postfix
At this point you have successfully configured the Postfix service.
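In master.cf, an -o line only belongs to a service entry if it starts with whitespace; a line that begins in column 0 opens a new entry. The check below is an added example, not part of the original tutorial: it joins continuation lines the way Postfix does and reports whether the submission and smtps entries require TLS and SASL. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# audit_master_cf FILE prints "<service> tls=<ok|MISSING> auth=<ok|MISSING>"
# for the submission and smtps entries of a master.cf-style file.
audit_master_cf() {
    awk '
    function report() {
        if (svc == "submission" || svc == "smtps") {
            tls = "MISSING"; auth = "MISSING"
            if (opts ~ /smtpd_tls_security_level=encrypt|smtpd_tls_wrappermode=yes/) tls = "ok"
            if (opts ~ /smtpd_sasl_auth_enable=yes/ && opts ~ /permit_sasl_authenticated,reject/) auth = "ok"
            print svc, "tls=" tls, "auth=" auth
        }
        svc = ""; opts = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                     # comment or blank line
    /^[ \t]/ { if (svc != "") opts = opts " " $0; next }  # continuation of the entry
    { report(); svc = $1 }                                # column 0: a new entry starts
    END { report() }
    ' "$1"
}

# Constructed sample input. $1 = existing directory to write into.
write_samples() {
    cat > "$1/good.cf" << 'EOF'
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
    # The same entries pasted with the leading whitespace lost
    sed 's/^  *//' "$1/good.cf" > "$1/flat.cf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "indented:";  audit_master_cf "$demo_dir/good.cf"
echo "flattened:"; audit_master_cf "$demo_dir/flat.cf"
rm -rf "$demo_dir"
```

To check the live configuration, call audit_master_cf /etc/postfix/master.cf before restarting Postfix.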
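In this section, we will configure Dovecot to match our setup. Make sure to edit the lines highlighted in yellow.
Start by configuring the dovecot-sql.conf.ext file, which tells Dovecot how to access the database and how to look up information about the email accounts.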
/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
default_pass_scheme = MD5-CRYPT
iterate_query = SELECT username AS user FROM mailbox
user_query = SELECT CONCAT('/var/mail/vmail/',maildir) AS home, \
  CONCAT('maildir:/var/mail/vmail/',maildir) AS mail, \
  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=',quota) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = 1
password_query = SELECT username AS user,password FROM mailbox \
  WHERE username = '%u' AND active='1'
Don't forget to use the correct MySQL credentials (database name, user and password).
Next, edit the conf.d/10-mail.conf file and change the following variables:
/etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/mail/vmail/%d/%n
...
mail_uid = vmail
mail_gid = vmail
...
first_valid_uid = 5000
last_valid_uid = 5000
...
mail_privileged_group = vmail
...
mail_plugins = quota
...
For authentication, open conf.d/10-auth.conf, edit the following lines and include the auth-sql.conf.ext file:
/etc/dovecot/conf.d/10-auth.conf
...
disable_plaintext_auth = yes
...
auth_mechanisms = plain login
...
#!include auth-system.conf.ext
!include auth-sql.conf.ext
...
Open the conf.d/10-master.conf file and modify it as follows:
/etc/dovecot/conf.d/10-master.conf
...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
  ...
}
...
service auth {
  ...
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  ...
}
...
service auth-worker {
  user = vmail
}
...
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
...
Open conf.d/10-ssl.conf and enable SSL/TLS.
/etc/dovecot/conf.d/10-ssl.conf
...
ssl = yes
...
ssl_cert = </etc/letsencrypt/live/mail.linuxize.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.linuxize.com/privkey.pem
ssl_dh = </etc/ssl/certs/dhparam.pem
...
ssl_cipher_list = EECDH+AES:EDH+AES+aRSA
...
ssl_prefer_server_ciphers = yes
...
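Make sure you use the correct paths to the SSL certificate files.
If you have been following this series from the beginning, you should already have the fullchain.pem, privkey.pem and dhparam.pem files created on your server. For more information on how to create a free Let's Encrypt SSL certificate and a Diffie–Hellman key, check this tutorial.
Thanks to Nevyn for noticing the issue and providing a solution.
Open the conf.d/20-imap.conf file and activate the imap_quota plugin: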
/etc/dovecot/conf.d/20-imap.conf
...
protocol imap {
  ...
  mail_plugins = $mail_plugins imap_quota
  ...
}
...
Open the conf.d/20-lmtp.conf file and edit it as follows:
/etc/dovecot/conf.d/20-lmtp.conf
...
protocol lmtp {
  postmaster_address = postmaster@linuxize.com
  mail_plugins = $mail_plugins
}
...
Define the default mailboxes in the conf.d/15-mailboxes.conf file:
/etc/dovecot/conf.d/15-mailboxes.conf
...
mailbox Drafts {
  special_use = \Drafts
}
mailbox Spam {
  special_use = \Junk
  auto = subscribe
}
mailbox Junk {
  special_use = \Junk
}
...
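There are two different types of quota size: one is set for the whole domain and the other for each user mailbox. In the previous part of this series we enabled quota support in PostfixAdmin, which means the quota information is stored in the PostfixAdmin database.
Now we need to configure Dovecot to connect to the database, handle the quota limits, and run a script that sends mail to the user when the user's quota exceeds a specified limit. To do so, open the conf.d/90-quota.conf file and modify it as follows: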
/etc/dovecot/conf.d/90-quota.conf
plugin {
  quota = dict:User quota::proxy::sqlquota
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
  quota_exceeded_message = Quota exceeded, please contact your system administrator.
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
}
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
We also need to tell Dovecot how to access the quota SQL dictionary. Open the dovecot-dict-sql.conf.ext file and edit the following lines:
/etc/dovecot/dovecot-dict-sql.conf.ext
...
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
...
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
...
# map {
#   pattern = shared/expire/$user/$mailbox
#   table = expires
#   value_field = expire_stamp
#
#   fields {
#     username = $user
#     mailbox = $mailbox
#   }
# }
...
Make sure you use the correct MySQL credentials (database name, user and password).
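The Postfix map files under /etc/postfix/sql, dovecot-sql.conf.ext and dovecot-dict-sql.conf.ext all hold the database password in clear text, so none of them should be readable by unrelated local accounts. The check below is an added example, not part of the original tutorial: it lists files that contain a password setting and have the read bit set for "other". The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# find_exposed_secrets DIR... prints, sorted, every regular file under the
# given directories that is readable by "other" and contains a DB password.
find_exposed_secrets() {
    # -perm -004 : the read bit for "other" is set
    # Postfix map files use "password = ...",
    # Dovecot files use "connect = ... password=..."
    find "$@" -type f -perm -004 \
        -exec grep -lE '^[[:space:]]*(password[[:space:]]*=|connect[[:space:]]*=.*password=)' {} + \
        | sort
}

# Constructed sample tree standing in for /etc/postfix/sql and /etc/dovecot.
# $1 = existing directory to populate.
make_sample_tree() {
    printf 'user = postfixadmin\npassword = EXAMPLE\n' > "$1/map_open.cf"
    printf 'user = postfixadmin\npassword = EXAMPLE\n' > "$1/map_tight.cf"
    printf 'driver = mysql\nconnect = host=127.0.0.1 password=EXAMPLE\n' > "$1/sql_open.conf.ext"
    printf 'mail_plugins = quota\n' > "$1/no_secret.conf"
    chmod 644 "$1/map_open.cf" "$1/sql_open.conf.ext" "$1/no_secret.conf"
    chmod 640 "$1/map_tight.cf"
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "world-readable files containing a password:"
find_exposed_secrets "$demo_dir"
rm -rf "$demo_dir"
```

Run it as root against /etc/postfix/sql and /etc/dovecot; every path it prints should have its mode tightened so that only the accounts the daemons run as can read it.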
Create the following shell script, which sends an email to the user if the user's quota exceeds the specified limit:
/usr/local/bin/quota-warning.sh
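#!/bin/sh
# Called by the Dovecot quota-warning service: $1 = percent used, $2 = user
PERCENT=$1
USER=$2
# Deliver with quota enforcement disabled so the warning itself is not rejected
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=dict:User quota::noenforcing:proxy::sqlquota"
From: postmaster@linuxize.com
Subject: Quota warning

Your mailbox is now $PERCENT% full.
EOF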
Make the script executable by running the following chmod command:
sudo chmod +x /usr/local/bin/quota-warning.sh
Finally, restart the dovecot service for the changes to take effect.
sudo systemctl restart dovecot
Conclusion
You should now have a fully functional mail system. In the next part of this series, we will show you how to install and integrate Rspamd.