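Detailed tutorial: installing and configuring the Postfix mail service on Ubuntu 14.04
Postfix: the mail server that receives and sends mail; strictly speaking it is a Mail Transfer Agent (MTA), and it is the most important part of a mail service;
Dovecot: POP and IMAP server that manages the local mail directories so that users can log in and download mail with mail clients such as Mail.app, Thunderbird and Mutt (also called Mail User Agents, MUA);
Postgrey: a greylisting tool that offers simple protection against spam;
amavisd-new: a proxy that connects the mail transfer agent to the content checkers; in other words, Postfix hands mail to it and it takes care of calling the virus scanner and the spam filter;
Clam AntiVirus: virus scanner;
SpamAssassin: content-based spam filter;
Postfix Admin: a web front end for Postfix, used to manage mail users and domains.
Set the hostname (do not skip this step):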
# hostname mail.seniorit.cn
# vi /etc/hosts
127.0.0.1 mail.seniorit.cn localhost
Update the system:
$ sudo apt-get update
$ sudo apt-get upgrade
Install the required packages:
apt-get install apache2 mysql-server php5 php-apc php-xml-parser php5-cli php5-common php5-dev php5-curl php5-memcache php5-gd php-pear php5-imap php5-mcrypt php5-xmlrpc php5-xsl php5-mysql php5-ldap php5-mcrypt php5-cli php-soap php5-json php5-imap phpmyadmin
Install LAMP. Postfix itself does not need Apache/PHP/MySQL, but Postfix Admin does, and user management relies on a database, so Apache/PHP and MySQL have to be installed.
$ sudo apt-get install lamp-server^
$ sudo apt-get install php-apc php5-curl php5-gd php-xml-parser php5-imap
Install the mail server and some tools:
$ sudo apt-get install mail-server^
$ sudo apt-get install postfix-mysql dovecot-mysql postgrey -y
$ sudo apt-get install amavis clamav clamav-daemon spamassassin -y
$ sudo apt-get install libnet-dns-perl pyzor razor -y
$ sudo apt-get install arj bzip2 cabextract cpio file gzip nomarch pax unzip zip -y
Configure Apache
Edit the Apache configuration file, then restart Apache:
sudo vi /etc/apache2/apache2.conf
Add:
ServerName localhost:80
Configure PHP:
Change the expose_php setting in /etc/php5/apache2/php.ini to "Off":
expose_php = Off
Add or modify the following settings:
post_max_size = 32M
upload_max_filesize = 32M
memory_limit = 768M
php5enmod imap mcrypt
$ sudo /etc/init.d/apache2 restart
Configure the MySQL database
Create a database named mail and set its privileges and password:
$ mysql -uroot -p
mysql> create database mail;
mysql> grant all on mail.* to 'mail'@'localhost' identified by 'nipc#123';
Configure Postfix Admin
Download postfixadmin:
wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.8/postfixadmin-2.3.8.tar.gz
tar -zxf postfixadmin-2.3.8.tar.gz
mv postfixadmin-2.3.8 /var/www/html/postfixadmin
chown -R www-data:www-data /var/www/html/postfixadmin
Configure postfixadmin in the usual way for a PHP application: fill in the information needed to access the database. The setup_password entry is filled in later:
$ sudo vi /var/www/html/postfixadmin/config.inc.php
...
$CONF['configured'] = true;
$CONF['setup_password'] = '稍后替代';  // placeholder ("replace later"); filled in after running setup.php
$CONF['postfix_admin_url'] = 'http://mail.seniorit.cn/postfixadmin';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'mail';
$CONF['database_password'] = 'nipc#123';
$CONF['database_name'] = 'mail';
$CONF['admin_email'] = '[email protected]';
$CONF['encrypt'] = 'md5crypt';
...
Open http://mail.seniorit.cn/postfixadmin/setup.php in a browser, then replace the placeholder value of $CONF['setup_password'] above with the hashed password string.
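For security, it is best to block web access to setup.php (the .htaccess file only takes effect if Apache's AllowOverride setting permits it for this directory):
$ sudo vi /var/www/html/postfixadmin/.htaccess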
<Files "setup.php">
deny from all
</Files>
Configure Dovecot
Add a vmail account to the system:
$ sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail" vmail
$ sudo mkdir /var/vmail
$ sudo chmod 770 /var/vmail
$ sudo chown vmail:mail /var/vmail
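Now configure Dovecot. Dovecot supports several authentication methods; database authentication is used here.
Note that the configuration files below include one another, which looks confusing at first:
10-auth.conf contains the line !include auth-sql.conf.ext, which pulls in /etc/dovecot/conf.d/auth-sql.conf.ext,
and auth-sql.conf.ext in turn refers to /etc/dovecot/dovecot-sql.conf.ext, described below.
This way a different authentication method can be selected simply by changing the include line; it looks a little complicated at first, but is convenient once you are used to it.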
$ sudo vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext
Configure Dovecot's database parameters so that Dovecot can access the mail database created earlier:
$ sudo vi /etc/dovecot/dovecot-sql.conf.ext
...
driver = mysql
connect = host=localhost dbname=mail user=mail password=nipc#123
default_pass_scheme = MD5-CRYPT
...
password_query = \
  SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
  'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
  FROM mailbox WHERE username = '%u' AND active = '1'
user_query = \
  SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
  150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
  FROM mailbox WHERE username = '%u' AND active = '1'
...
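Where are users' messages stored on the server? The mail storage location has to be set to /var/vmail, the directory already created above together with the vmail account: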
$ sudo vi /etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
mail_gid = mail
...
Edit /etc/dovecot/conf.d/10-master.conf:
$ sudo vi /etc/dovecot/conf.d/10-master.conf
...
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = mail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
...
Make sure Dovecot has permission to read its configuration files:
$ sudo chown -R vmail:dovecot /etc/dovecot
$ sudo chmod -R o-rwx /etc/dovecot
Configure Amavis, ClamAV and SpamAssassin
Add the clamav and amavis users to each other's groups so that they can access each other's files, and configure the filter mode:
$ sudo adduser clamav amavis
$ sudo adduser amavis clamav
$ sudo vi /etc/amavis/conf.d/15-content_filter_mode
use strict;
@bypass_virus_checks_maps = (
%bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);
@bypass_spam_checks_maps = (
%bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);
1; # ensure a defined return
Enable SpamAssassin:
$ sudo vi /etc/default/spamassassin
...
ENABLED=1
CRON=1
...
Configure Postfix
main.cf is Postfix's main configuration file:
$ sudo vi /etc/postfix/main.cf
...
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
myhostname = mail.seniorit.cn
myorigin = /etc/hostname
mydestination = mail.seniorit.cn, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
mynetworks_style = host
virtual_mailbox_base = /var/vmail/
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf,
    mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
mail_spool_directory = /var/mail
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
...
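Note the line header_checks = regexp:/etc/postfix/header_checks in the configuration above. The header_checks file does not exist yet; create it with the following content, which filters out some information to give your own mail a little more privacy: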
$ sudo vi /etc/postfix/header_checks
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
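
Postfix applies header_checks to every message it processes, inbound as well as outbound, so the Received: rule also deletes the relay trail used to trace a message during incident response. The following sketch is an added example, not part of the original tutorial; it previews which headers of a constructed sample message the rules above would remove (the function names and the sample message are assumptions).

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: preview which headers the
# IGNORE rules in a header_checks file would delete from a message.
# Simplification: pattern and header are lower-cased to mimic the default
# case-insensitive matching of regexp tables; fine for simple patterns only.

# usage: preview_header_checks RULES_FILE < message
# Prints "DROP <header>" or "KEEP <header>" per logical (unfolded) header.
preview_header_checks() {
    awk -v rules="$1" '
        function emit(   i, verdict) {
            if (hdr == "") return
            verdict = "KEEP"
            for (i = 1; i <= n; i++) if (tolower(hdr) ~ re[i]) verdict = "DROP"
            print verdict " " hdr
            hdr = ""
        }
        BEGIN {
            while ((getline line < rules) > 0)      # rule form: /pattern/ IGNORE
                if (line ~ /^\/.*\/[ \t]+IGNORE[ \t]*$/) {
                    sub(/^\//, "", line); sub(/\/[ \t]+IGNORE[ \t]*$/, "", line)
                    re[++n] = tolower(line)
                }
        }
        /^$/     { emit(); exit }                        # blank line: end of headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); hdr = hdr $0; next }  # folded continuation
                 { emit(); hdr = $0 }
        END      { emit() }
    '
}

# Constructed sample: the tutorial rules applied to an inbound message.
demo_header_checks() {
    local d; d=$(mktemp -d)
    printf '%s\n' '/^Received:/ IGNORE' '/^User-Agent:/ IGNORE' '/^X-Mailer:/ IGNORE' \
        '/^X-Originating-IP:/ IGNORE' '/^x-cr-[a-z]*:/ IGNORE' '/^Thread-Index:/ IGNORE' \
        > "$d/header_checks"
    printf '%s\n' 'Received: from mx.example.net (mx.example.net [203.0.113.7])' \
        '    by mail.seniorit.cn (Postfix) with ESMTP id 0000000000' \
        'From: alice@example.net' 'X-Mailer: ExampleMailer 1.0' \
        'x-originating-ip: [198.51.100.9]' 'Subject: hello' '' 'body text' \
        | preview_header_checks "$d/header_checks"
    rm -rf "$d"
}

demo_header_checks
```

On the server itself, postmap -q "Received: from x" regexp:/etc/postfix/header_checks shows how the real table treats a single header line.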
The master.cf file also needs to be configured:
$ sudo vi /etc/postfix/master.cf
...
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
A few more files need to be configured:
$ sudo vi /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
user = mail
password = nipc#123
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias,alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND alias.address=concat('%u', '@', alias_domain.target_domain)
  AND alias.active = 1
$ sudo vi /etc/postfix/mysql_virtual_alias_maps.cf
user = mail
password = nipc#123
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
$ sudo vi /etc/postfix/mysql_virtual_domains_maps.cf
user = mail
password = nipc#123
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
$ sudo vi /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
user = mail
password = nipc#123
hosts = 127.0.0.1
dbname = mail
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
  AND mailbox.active = 1
$ sudo vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = mail
password = nipc#123
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'
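
Each of the mysql_*.cf files above stores the database password in clear text, and files created with an editor under the default umask are readable by every local user. The script below is an added example, not part of the original tutorial; it lists map files that expose a password line to other local users and tightens their mode (the function names are assumptions, and the demo runs on a constructed temporary directory rather than /etc/postfix).

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: find Postfix map files that
# contain a database password and are readable by every local user.

# Print each regular file under DIR ($1) that has a "password =" line and
# whose mode grants read access to "other".
find_exposed_maps() {
    find "$1" -type f -perm -004 \
        -exec grep -lE '^[[:space:]]*password[[:space:]]*=' {} + 2>/dev/null | sort
}

# Remove all access for "other" and write access for the group.
# On the real server also run (as root): chown root:postfix FILE
# (assumes the stock "postfix" group; Postfix daemons read the maps as user postfix).
lock_down() {
    chmod 640 "$1"
}

# Constructed demo tree standing in for /etc/postfix.
demo_audit() {
    local d; d=$(mktemp -d)
    printf 'user = mail\npassword = EXAMPLE-ONLY\ndbname = mail\n' \
        > "$d/mysql_virtual_alias_maps.cf"
    printf 'user = mail\npassword = EXAMPLE-ONLY\ndbname = mail\n' \
        > "$d/mysql_virtual_domains_maps.cf"
    printf '/^X-Mailer:/ IGNORE\n' > "$d/header_checks"
    chmod 644 "$d/mysql_virtual_alias_maps.cf" "$d/header_checks"
    chmod 640 "$d/mysql_virtual_domains_maps.cf"

    echo "before: $(find_exposed_maps "$d" | wc -l) exposed"
    find_exposed_maps "$d" | while IFS= read -r f; do lock_down "$f"; done
    echo "after:  $(find_exposed_maps "$d" | wc -l) exposed"
    rm -rf "$d"
}

demo_audit
```

On the mail server, call find_exposed_maps /etc/postfix and apply lock_down to each file it prints.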
All done. Restart the related services:
$ sudo service spamassassin restart
$ sudo service clamav-daemon restart
$ sudo service amavis restart
$ sudo service dovecot restart
$ sudo service postfix restart
Test Postfix
Connect to port 25 (SMTP) of the mail server with telnet and send the command HELO mail.seniorit.cn; the server answers with the confirmation 250 mail.seniorit.cn:
$ telnet mail.seniorit.cn 25
Trying 192.168.2.66...
Connected to mail.seniorit.cn.
Escape character is '^]'.
220 mail.seniorit.cn ESMTP Postfix (Ubuntu)
HELO mail.seniorit.cn
250 mail.seniorit.cn
Try sending a message with telnet; MAIL FROM, RCPT TO, DATA, . and QUIT below are all commands:
$ telnet mail.seniorit.cn 25
Trying 192.168.2.66...
Connected to mail.seniorit.cn.
Escape character is '^]'.
220 mail.seniorit.cn ESMTP Postfix (Ubuntu)
MAIL FROM:<[email protected]>
250 2.1.0 Ok
RCPT TO:<[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: a test message
This is a test message!
.
250 2.0.0 Ok: queued as 6832FF0036
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
Installing and configuring SquirrelMail
sudo apt-get install squirrelmail
Configure SquirrelMail:
sudo squirrelmail-configure
Everything is pre-configured; we just need to change the organization name:
Press 1 (Organization Preferences) -> press 1 again (Organization Name) -> Organization Name -> press S -> press Q to quit
Now configure Apache to enable SquirrelMail:
sudo cp /etc/squirrelmail/apache.conf /etc/apache2/sites-available/squirrelmail.conf
sudo a2ensite squirrelmail
sudo service apache2 restart
Now open http://serverIP/squirrelmail in your browser and login using username