Ubuntu 12.04上安装和配置Postfix邮件服务详细教程

作者:袖梨 2022-06-30

邮件服务器配置之所以麻烦是因为需要了解很多东西,牵涉到域名服务 DNS/Bind,Web 收发邮件 Apache/PHP/MySQL/SquirrelMail,认证服务 LDAP, Kerberos, PAM,邮件通常存放在额外存储上还要 NFS/SAN,邮件服务 Postfix/Dovecot,反垃圾反病毒 Postgrey/Clam AV/SpamAssassion,安全认证 SSL,监控和备份等等,这一套下来基本包括了 Linux 系统管理的方方面面,所以说配置一个安全可靠的企业级邮件系统不容易,足够写一本书。个人配置邮件服务器通常不需要 LDAP/Kerbersos/NFS/SAN/SSL 这些,剔除这些后就不是那么复杂了,不过再想一下,个人有必要配置邮件服务器么?直接用免费的 Google App 不是很方便么。

准备工作

简单介绍一下我们将要安装的软件包:

    Postfix: 用来接受和发送邮件的邮件服务器,正确说法应该叫邮件传送代理(Mail Transfer Agent,MTA),是邮件服务最重要的部分;
    Dovecot: POP 和 IMAP 服务器,用来管理本地邮件目录以便用户能通过 Mail.app, Thunderbird, Mutt 等邮件客户端(又叫邮件用户代理 Mail User Agent, MUA)登陆和下载邮件;
    Postgrey: 邮件灰名单工具,可简单的抵挡垃圾邮件;
    amavisd-new: 一个代理,用于连接邮件传输代理和内容检查器,可以理解为 Postfix 把邮件交给它,它负责联系病毒扫描和垃圾邮件过滤;
    Clam AntiVirus: 病毒扫描工具;
    SpamAssassin: 垃圾邮件内容过滤工具;
    Postfix Admin: Postfix 的 Web 前端,用来管理邮件用户和域名。

设置主机名(不要跳过这一步):

# hostname mail.vpsee.com

# vi /etc/hosts
127.0.0.1 mail.vpsee.com localhost

更新系统:

$ sudo apt-get update
$ sudo apt-get upgrade

安装必要软件包


安装 LAMP,Postfix 本身不需要 Apache/PHP/MySQL,但是因为要安装 Postfix Admin,并且管理用户需要用到数据库,所以要安装 Apache/PHP 和 MySQL.

$ sudo apt-get install lamp-server^
$ sudo apt-get install php-apc php5-curl php5-gd php-xml-parser php5-imap

安装邮件服务器及一些工具:

$sudo apt-get install mail-server^

$sudo apt-get install postfix-mysql dovecot-mysql postgrey
$sudo apt-get install amavis clamav clamav-daemon spamassassin

$sudo apt-get install libnet-dns-perl pyzor razor
$sudo apt-get install arj bzip2 cabextract cpio file gzip nomarch pax unzip zip

配置 Apache

编辑 apache 配置文件后重启:

$ sudo vi /etc/apache2/sites-available/default
...
    DocumentRoot /var/www
       
                Options FollowSymLinks
                AllowOverride None
       

...

$ sudo /etc/init.d/apache2 restart

配置 MySQL 数据库

创建一个名为 mail 的数据库并设置权限和密码:

$ mysql -uroot -p

mysql> create database mail;
mysql> grant all on mail.* to 'mail'@'localhost' identified by 'password';

配置 Postfix Admin

下载 psotfixadmin,解压后放到 /var/www:

$ wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.5/postfixadmin-2.3.5.tar.gz
$ gunzip postfixadmin-2.3.5.tar.gz
$ tar -xf postfixadmin-2.3.5.tar
$ sudo mv postfixadmin-2.3.5 /var/www/postfixadmin
$ sudo chown -R www-data:www-data /var/www/postfixadmin

配置 postfixamdin,标准的 php 程序配置方法,填入访问数据库需要的信息,其中 setup_password 部分稍后再填入:

$ sudo vi /var/www/postfixadmin/config.inc.php
...
$CONF['configured'] = true;
$CONF['setup_password'] = '稍后替代';
$CONF['postfix_admin_url'] = 'http://mail.vpsee.com/postfixadmin';
$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'mail';
$CONF['database_password'] = 'password';
$CONF['database_name'] = 'mail';
$CONF['admin_email'] = '[email protected]';
$CONF['encrypt'] = 'md5crypt';
...

用浏览器访问 http://mail.vpsee.com/postfixadmin/setup.php,用哈希后的密码字符串替代上面 $CONF[‘setup_password’] = ‘稍后替代’ 中的相关部分。

为了安全考虑,最好禁止 web 访问 setup.php:

$ sudo vi /var/www/postfixadmin/.htaccess

deny from all

配置 Dovecot

给系统添加 vmail 帐号:

$ sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail" vmail
$ sudo mkdir /var/vmail
$ sudo chmod 770 /var/vmail
$ sudo chown vmail:mail /var/vmail

开始配置 Dovecot,dovecot 支持多种认证方式,这里采用数据库认证,注意下面的配置文件一个包含一个,初看比较乱,10-auth.conf 有 !include auth-sql.conf.ext 一行,会包含 /etc/dovecot/conf.d/auth-sql.conf.ext,而 auth-sql.conf.ext 会包含下面要提到的 /etc/dovecot/dovecot-sql.conf.ext,这样只要用不同的 include 就可以切换不同的认证方式,虽然初看复杂一点但是熟悉以后用起来还是挺方便的。

$ sudo vi /etc/dovecot/conf.d/10-auth.conf

disable_plaintext_auth = yes
auth_mechanisms = plain login

!include auth-sql.conf.ext

配置 Dovecot,设置数据库参数,以便 dovecot 能正确访问刚才创建的 mail 数据库:

$ sudo vi /etc/dovecot/dovecot-sql.conf.ext
...
driver = mysql
connect = host=localhost dbname=mail user=mail password=password
default_pass_scheme = MD5-CRYPT
...
password_query =
  SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home,
  'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid
  FROM mailbox WHERE username = '%u' AND active = '1'

user_query =
  SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail,
  150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota
  FROM mailbox WHERE username = '%u' AND active = '1'
...

用户在服务器上用来存放邮件的地方在哪呢?所以需要指定邮件存放地址 /var/vmail,这个目录上面在创建 vmail 帐号时已经创建了:

$ sudo vi /etc/dovecot/conf.d/10-mail.conf
...
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
mail_gid = mail
...

修改 /etc/dovecot/conf.d/10-master.conf

$ sudo vi /etc/dovecot/conf.d/10-master.conf
...
service auth {
  unix_listener auth-userdb {
   mode = 0600
    user = vmail
    group = mail
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix       
  }
...

确认 dovecot 有权限读取配置文件:

$ sudo chown -R vmail:dovecot /etc/dovecot
$ sudo chmod -R o-rwx /etc/dovecot

配置 Amavis, ClamAV, SpamAssassin

互加 clamav, amavis 用户到对方组里以便能互相访问,配置过滤模式:

$ sudo adduser clamav amavis
$ sudo adduser amavis clamav

$ sudo vi /etc/amavis/conf.d/15-content_filter_mode
use strict;
@bypass_virus_checks_maps = (
   %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);
1; # ensure a defined return

启用 spamassassin:

$ sudo vi /etc/default/spamassassin
...
ENABLED=1
CRON=1
...

配置 Postfix

main.cf 是 postfix 的主要配置文件:

$ sudo /etc/postfix/main.cf
...
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

myhostname = mail.vpsee.com
myorigin = /etc/hostname
mydestination = mail.vpsee.com, localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
mynetworks_style = host

virtual_mailbox_base = /var/vmail/
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/m
ysql_virtual_alias_domainaliases_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

mail_spool_directory = /var/mail
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

content_filter = amavis:[127.0.0.1]:10024

header_checks = regexp:/etc/postfix/header_checks
...

注意上面配置有行 header_checks = regexp:/etc/postfix/header_checks,我们现在还没有 header_checks 文件,创建一个并包含一下内容,给自己邮件增加一点隐私,过滤一些信息:

$ sudo vi /etc/postfix/header_checks
/^Received:/                 IGNORE
/^User-Agent:/               IGNORE
/^X-Mailer:/                 IGNORE
/^X-Originating-IP:/         IGNORE
/^x-cr-[a-z]*:/              IGNORE
/^Thread-Index:/             IGNORE

还需要配置 master.cf 文件:

$ sudo vi /etc/postfix/master.cf
...
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous

amavis      unix    -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

dovecot      unix   -        n      n       -       -   pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)

还需要配置几个文件:

$ sudo vi /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
query = SELECT goto FROM alias,alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND alias.address=concat('%u', '@', alias_domain.target_domain)
  AND alias.active = 1

$ sudo vi /etc/postfix/mysql_virtual_alias_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'

$ sudo vi /etc/postfix/mysql_virtual_domains_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

$ sudo vi /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
query = SELECT maildir FROM mailbox, alias_domain
  WHERE alias_domain.alias_domain = '%d'
  AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
  AND mailbox.active = 1

$ sudo vi /etc/postfix/mysql_virtual_mailbox_maps.cf
user = mail
password = password
hosts = 127.0.0.1
dbname = mail
table = mailbox
select_field = CONCAT(domain, '/', local_part)
where_field = username
additional_conditions = and active = '1'

大功告成,重启相关服务:

$ sudo service spamassassin restart
$ sudo service clamav-daemon restart
$ sudo service amavis restart
$ sudo service dovecot restart
$ sudo service postfix restart

测试 Postfix

用 telnet 连上邮件服务器的 25 端口(SMTP),然后发送 HELO mail.vpsee.com 指令就会得到 250 mail.vpsee.com 确认信息:

$ telnet mail.vpsee.com 25
Trying 192.168.2.66...
Connected to mail.vpsee.com.
Escape character is '^]'.
220 mail.vpsee.com ESMTP Postfix (Ubuntu)
HELO mail.vpsee.com
250 mail.vpsee.com

用 telnet 发送一封邮件试一下,下面的 MAIL FROM, RCPT TO, DATA, ., QUIT 都是指令:

$ telnet mail.vpsee.com 25
Trying 192.168.2.66...
Connected to mail.vpsee.com.
Escape character is '^]'.
220 mail.vpsee.com ESMTP Postfix (Ubuntu)
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
250 2.1.5 Ok
DATA
354 End data with .
Subject: a test message
This is a test message!
.
250 2.0.0 Ok: queued as 6832FF0036
QUIT
221 2.0.0 Bye
Connection closed by foreign host.

ssh 登陆邮件服务器后去 /var/vmail 邮件目录看一下就可以证实 test2 用户是否收到来自 test1 用户的邮件,当然这个邮件也可以通过 Mail.app, Thunderbird, Mutt 这类工具收到本地电脑上看。

终于把邮件服务器配置好了,看来安装配置这个也不是一件简单的事,祝你顺利。

相关文章

精彩推荐