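Configuring a mail server is troublesome because there is so much you need to understand: DNS/Bind for name service; Apache/PHP/MySQL/SquirrelMail for sending and reading mail on the web; LDAP, Kerberos and PAM for authentication; NFS/SAN, because mail is usually kept on separate storage; Postfix/Dovecot for the mail service itself; Postgrey/ClamAV/SpamAssassin for anti-spam and anti-virus; SSL for secure authentication; plus monitoring, backup and so on. Together these cover just about every aspect of Linux system administration, which is why setting up a secure and reliable enterprise-grade mail system is not easy and could fill a book. A personal mail server usually does not need LDAP/Kerberos/NFS/SAN/SSL, and without them things are not so complicated. Then again, does an individual really need to run a mail server? Isn't it convenient enough to just use the free Google Apps?
Preparation
A short introduction to the packages we are going to install:
Postfix: the mail server that receives and sends mail, more correctly called a Mail Transfer Agent (MTA); it is the most important part of the mail service;
Dovecot: a POP and IMAP server that manages the local mail directories so that users can log in and download mail with mail clients (also called Mail User Agents, MUA) such as Mail.app, Thunderbird or Mutt;
Postgrey: a greylisting tool that provides simple protection against spam;
amavisd-new: a proxy that connects the mail transfer agent to the content checkers; Postfix hands mail to it, and it takes care of calling the virus scanner and the spam filter;
Clam AntiVirus: the virus scanner;
SpamAssassin: a content-based spam filter;
Postfix Admin: a web front end for Postfix, used to manage mail users and domains.
Set the hostname (do not skip this step):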
# hostname mail.vpsee.com
# vi /etc/hosts
127.0.0.1 mail.vpsee.com localhost
Update the system:
$ sudo apt-get update
$ sudo apt-get upgrade
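Install the required packages
Install LAMP. Postfix itself does not need Apache/PHP/MySQL, but we are going to install Postfix Admin, and managing users requires a database, so Apache/PHP and MySQL have to be installed.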
$ sudo apt-get install lamp-server^
$ sudo apt-get install php-apc php5-curl php5-gd php-xml-parser php5-imap
Install the mail server and some tools:
$ sudo apt-get install mail-server^
$ sudo apt-get install postfix-mysql dovecot-mysql postgrey
$ sudo apt-get install amavis clamav clamav-daemon spamassassin
$ sudo apt-get install libnet-dns-perl pyzor razor
$ sudo apt-get install arj bzip2 cabextract cpio file gzip nomarch pax unzip zip
Configure Apache
Edit the Apache configuration file, then restart Apache:
$ sudo vi /etc/apache2/sites-available/default
...
DocumentRoot /var/www
Options FollowSymLinks
AllowOverride None
...
$ sudo /etc/init.d/apache2 restart
Configure the MySQL database
Create a database named mail and set its privileges and password:
$ mysql -uroot -p
mysql> create database mail;
mysql> grant all on mail.* to 'mail'@'localhost' identified by 'password';
Configure Postfix Admin
Download postfixadmin, unpack it and move it to /var/www:
$ wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.5/postfixadmin-2.3.5.tar.gz
$ gunzip postfixadmin-2.3.5.tar.gz
$ tar -xf postfixadmin-2.3.5.tar
$ sudo mv postfixadmin-2.3.5 /var/www/postfixadmin
$ sudo chown -R www-data:www-data /var/www/postfixadmin
Configure postfixadmin the way any PHP application is configured: fill in the information needed to reach the database. The setup_password value is filled in later:
$ sudo vi /var/www/postfixadmin/config.inc.php
...
$CONF['configured'] = true;
$CONF['setup_password'] = '稍后替代';
$CONF['postfix_admin_url'] = 'http://mail.vpsee.com/postfixadmin';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'mail';
$CONF['database_password'] = 'password';
$CONF['database_name'] = 'mail';
$CONF['admin_email'] = '[email protected]';
$CONF['encrypt'] = 'md5crypt';
...
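Open http://mail.vpsee.com/postfixadmin/setup.php in a browser, then replace the '稍后替代' ("replace later") placeholder in $CONF['setup_password'] = '稍后替代' above with the hashed password string.
For security, it is best to block web access to setup.php. Apache honors this file only where AllowOverride permits it for the directory; under AllowOverride None a .htaccess file is ignored:
$ sudo vi /var/www/postfixadmin/.htaccess
<Files "setup.php">
deny from all
</Files>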
Configure Dovecot
Add a vmail account to the system:
$ sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail" vmail
$ sudo mkdir /var/vmail
$ sudo chmod 770 /var/vmail
$ sudo chown vmail:mail /var/vmail
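Now configure Dovecot. Dovecot supports several authentication methods; here we use database authentication. Note that the configuration files below include one another, which looks messy at first: 10-auth.conf has the line !include auth-sql.conf.ext, which pulls in /etc/dovecot/conf.d/auth-sql.conf.ext, and auth-sql.conf.ext in turn pulls in /etc/dovecot/dovecot-sql.conf.ext, described below. This way you can switch authentication methods just by using a different include. It looks a little complicated at first, but it is quite convenient once you are used to it.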
$ sudo vi /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-sql.conf.ext
Set Dovecot's database parameters so that it can access the mail database created earlier:
$ sudo vi /etc/dovecot/dovecot-sql.conf.ext
...
driver = mysql
connect = host=localhost dbname=mail user=mail password=password
default_pass_scheme = MD5-CRYPT
...
password_query = \
  SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
  'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
  FROM mailbox WHERE username = '%u' AND active = '1'
user_query = \
  SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
  150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
  FROM mailbox WHERE username = '%u' AND active = '1'
...
Where is users' mail stored on the server? The mail location has to be specified as /var/vmail, the directory already created above together with the vmail account:
$ sudo vi /etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
mail_gid = mail
...
Edit /etc/dovecot/conf.d/10-master.conf:
$ sudo vi /etc/dovecot/conf.d/10-master.conf
...
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = mail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
...
Make sure dovecot has permission to read the configuration files:
$ sudo chown -R vmail:dovecot /etc/dovecot
$ sudo chmod -R o-rwx /etc/dovecot
Configure Amavis, ClamAV, SpamAssassin
Add the clamav and amavis users to each other's groups so that they can access each other, then configure the filter mode:
$ sudo adduser clamav amavis
$ sudo adduser amavis clamav
$ sudo vi /etc/amavis/conf.d/15-content_filter_mode
use strict;
@bypass_virus_checks_maps = (
%bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);
@bypass_spam_checks_maps = (
%bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);
1; # ensure a defined return
Enable spamassassin:
$ sudo vi /etc/default/spamassassin
...
ENABLED=1
CRON=1
...
Configure Postfix
main.cf is Postfix's main configuration file:
$ sudo vi /etc/postfix/main.cf
...
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
myhostname = mail.vpsee.com
myorigin = /etc/hostname
mydestination = mail.vpsee.com, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
mynetworks_style = host
virtual_mailbox_base = /var/vmail/
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
mail_spool_directory = /var/mail
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = amavis:[127.0.0.1]:10024
header_checks = regexp:/etc/postfix/header_checks
...
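Note the line header_checks = regexp:/etc/postfix/header_checks in the configuration above. We do not have a header_checks file yet, so create one with the following content, which filters out some information to give your mail a little more privacy. Because header_checks applies to all mail that Postfix processes, incoming messages also lose their Received: lines, which are what you would normally read to trace a message's path when troubleshooting: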
$ sudo vi /etc/postfix/header_checks
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
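What this table does to a message, as an added example (not code from the original article or from Postfix): a small Python emulation of regexp-table matching with the IGNORE action, run over constructed sample headers. The function names and the sample message are assumptions made for illustration.

```python
import re
# header_checks table from this page (Postfix regexp: table syntax).
RULES = """\
/^Received:/ IGNORE
/^User-Agent:/ IGNORE
/^X-Mailer:/ IGNORE
/^X-Originating-IP:/ IGNORE
/^x-cr-[a-z]*:/ IGNORE
/^Thread-Index:/ IGNORE
"""

# Constructed sample headers; the Received: header is folded over two lines.
SAMPLE = """\
Received: from laptop.example (unknown [203.0.113.7])
\tby mail.example.com (Postfix) with ESMTPSA id 0000000000
From: test1@example.com
Subject: a test message
X-MAILER: ExampleMUA 1.0
X-CR-HashedPuzzle: abc123
X-Originating-IP: [203.0.113.7]
"""

def parse_rules(text):
    """Parse '/re/flags ACTION' lines; regexp: tables ignore case by default."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"/(.*)/([a-z]*)\s+(\S+)", line.strip())
        if m:
            flags = 0 if "i" in m.group(2) else re.IGNORECASE  # "i" toggles it off
            rules.append((re.compile(m.group(1), flags), m.group(3)))
    return rules

def logical_headers(raw):
    """Join folded continuation lines so each header is matched as one unit."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        elif line:
            headers.append(line)
    return headers

def apply_header_checks(rules, raw):
    """First matching rule wins; IGNORE deletes the whole logical header."""
    kept, dropped = [], []
    for header in logical_headers(raw):
        action = next((a for rx, a in rules if rx.search(header)), None)
        (dropped if action == "IGNORE" else kept).append(header)
    return kept, dropped
```

Only From: and Subject: survive for the sample; the folded Received: header is dropped together with its continuation line, and X-MAILER matches despite its different case.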
The master.cf file needs to be configured as well:
$ sudo vi /etc/postfix/master.cf
...
smtps inet n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)
A few more files need to be configured:
$ sudo vi /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias,alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND alias.address=concat('%u', '@', alias_domain.target_domain)
  AND alias.active = 1
$ sudo vi /etc/postfix/mysql_virtual_alias_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
$ sudo vi /etc/postfix/mysql_virtual_domains_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
$ sudo vi /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
  AND mailbox.active = 1
$ sudo vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'
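The lookups that the alias and domain map files above perform, as an added example (not code from the original article or from Postfix): the page's queries are run against an in-memory SQLite database standing in for MySQL, with concat() written as ||. The table columns, the function names and every row are assumptions constructed for illustration.

```python
import sqlite3

# Assumed subset of the Postfix Admin schema: only the columns the page's
# queries touch. Every row is constructed sample data.
SCHEMA = """
CREATE TABLE domain (domain TEXT, backupmx INTEGER, active INTEGER);
CREATE TABLE alias (address TEXT, goto TEXT, active INTEGER);
CREATE TABLE alias_domain (alias_domain TEXT, target_domain TEXT);
INSERT INTO domain VALUES ('example.com', 0, 1);
INSERT INTO domain VALUES ('example.org', 1, 1);
INSERT INTO alias VALUES ('sales@example.com', 'test1@example.com', 1);
INSERT INTO alias VALUES ('old@example.com', 'test2@example.com', 0);
INSERT INTO alias_domain VALUES ('example.net', 'example.com');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def first(db, queries):
    """Try each map in the order main.cf lists it; the first result wins."""
    for sql, params in queries:
        row = db.execute(sql, params).fetchone()
        if row:
            return row[0]
    return None

def alias_lookup(db, addr):
    """virtual_alias_maps: the plain alias table, then the alias-domain join."""
    user, _, domain = addr.rpartition("@")  # what Postfix passes as %u and %d
    return first(db, [
        # mysql_virtual_alias_maps.cf
        ("SELECT goto FROM alias WHERE address = ? AND active = 1", (addr,)),
        # mysql_virtual_alias_domainaliases_maps.cf (concat() written as ||)
        ("SELECT goto FROM alias, alias_domain"
         " WHERE alias_domain.alias_domain = ?"
         " AND alias.address = ? || '@' || alias_domain.target_domain"
         " AND alias.active = 1", (domain, user)),
    ])

def is_hosted_domain(db, domain):
    """virtual_mailbox_domains: mysql_virtual_domains_maps.cf."""
    return first(db, [("SELECT domain FROM domain WHERE domain = ?"
                       " AND backupmx = 0 AND active = 1", (domain,))]) is not None
```

An address in the alias domain (sales@example.net) resolves through the join to the same target as sales@example.com, while the inactive alias and the backup-MX domain return nothing.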
That's it. Restart the services involved:
$ sudo service spamassassin restart
$ sudo service clamav-daemon restart
$ sudo service amavis restart
$ sudo service dovecot restart
$ sudo service postfix restart
Test Postfix
Connect to port 25 (SMTP) of the mail server with telnet and send the command HELO mail.vpsee.com; the server answers with the confirmation 250 mail.vpsee.com:
$ telnet mail.vpsee.com 25
Trying 192.168.2.66...
Connected to mail.vpsee.com.
Escape character is '^]'.
220 mail.vpsee.com ESMTP Postfix (Ubuntu)
HELO mail.vpsee.com
250 mail.vpsee.com
Try sending a message with telnet. MAIL FROM, RCPT TO, DATA, . and QUIT below are all commands:
$ telnet mail.vpsee.com 25
Trying 192.168.2.66...
Connected to mail.vpsee.com.
Escape character is '^]'.
220 mail.vpsee.com ESMTP Postfix (Ubuntu)
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
250 2.1.5 Ok
DATA
354 End data with
Subject: a test message
This is a test message!
.
250 2.0.0 Ok: queued as 6832FF0036
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
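Log in to the mail server over ssh and look in the /var/vmail mail directory to confirm whether user test2 received the message from user test1. The message can of course also be fetched to your local computer with tools such as Mail.app, Thunderbird or Mutt.
The mail server is finally configured. Installing and configuring one is clearly not a simple job; good luck.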