Installing and Configuring a Mail Server on Ubuntu 12.04

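A while ago I moved a FreeBSD mail server to an Ubuntu virtual machine and went through the pain of configuring a mail server once more. After finishing, I wrote it all up again as Puppet code so that the whole configuration process is captured in code, then rebuilt the virtual machine to test and apply the Puppet code. Every time I watch a screenful of automated configuration scroll by, I am amazed by the magic of Puppet.

Configuring a mail server is tedious because it touches so many things: name service (DNS/Bind); webmail (Apache/PHP/MySQL/SquirrelMail); authentication (LDAP, Kerberos, PAM); NFS/SAN, because mail is usually kept on separate storage; the mail services themselves (Postfix/Dovecot); anti-spam and anti-virus (Postgrey/ClamAV/SpamAssassin); SSL for secure authentication; monitoring, backups and so on. Taken together this covers nearly every aspect of Linux system administration, which is why building a secure, reliable enterprise-grade mail system is not easy and could fill a book. A personal mail server usually does not need LDAP/Kerberos/NFS/SAN/SSL, and without them things are much less complicated. Then again, does an individual really need to run a mail server? Isn't the free Google Apps convenient enough?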

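Preparation

A short introduction to the packages we are going to install:

  • Postfix: the mail server that receives and sends mail. Strictly speaking it is a Mail Transfer Agent (MTA), and it is the most important part of the mail service;
  • Dovecot: POP and IMAP server that manages the local mail directories so that users can log in and download mail with clients such as Mail.app, Thunderbird or Mutt (also called Mail User Agents, MUA);
  • Postgrey: a greylisting tool that offers simple protection against spam;
  • amavisd-new: a proxy that connects the mail transfer agent to the content checkers. Postfix hands mail to it, and it takes care of calling the virus scanner and the spam filter;
  • Clam AntiVirus: virus scanner;
  • SpamAssassin: content-based spam filter;
  • Postfix Admin: a web front end for Postfix, used to manage mail users and domains.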

Set the hostname (do not skip this step):

    # hostname mail.vpsee.com

    # vi /etc/hosts
    127.0.0.1 mail.vpsee.com localhost

Update the system:

    $ sudo apt-get update
    $ sudo apt-get upgrade

Installing the required packages

Install LAMP. Postfix itself does not need Apache/PHP/MySQL, but we are going to install Postfix Admin, and user management needs a database, so Apache/PHP and MySQL have to be installed.

    $ sudo apt-get install lamp-server^
    $ sudo apt-get install php-apc php5-curl php5-gd php-xml-parser php5-imap

Install the mail server and some tools:

    $ sudo apt-get install mail-server^

    $ sudo apt-get install postfix-mysql dovecot-mysql postgrey
    $ sudo apt-get install amavis clamav clamav-daemon spamassassin

    $ sudo apt-get install libnet-dns-perl pyzor razor
    $ sudo apt-get install arj bzip2 cabextract cpio file gzip nomarch pax unzip zip

Configuring Apache

Edit the Apache configuration file, then restart Apache:

    $ sudo vi /etc/apache2/sites-available/default
    ...
        DocumentRoot /var/www
            <Directory />
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
    ...

    $ sudo /etc/init.d/apache2 restart

Configuring the MySQL database

Create a database named mail and set its privileges and password:

    $ mysql -uroot -p

    mysql> create database mail;
    mysql> grant all on mail.* to 'mail'@'localhost' identified by 'password';

Configuring Postfix Admin

Download postfixadmin, unpack it and move it to /var/www:

    $ wget http://downloads.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.3.5/postfixadmin-2.3.5.tar.gz
    $ gunzip postfixadmin-2.3.5.tar.gz
    $ tar -xf postfixadmin-2.3.5.tar
    $ sudo mv postfixadmin-2.3.5 /var/www/postfixadmin
    $ sudo chown -R www-data:www-data /var/www/postfixadmin

Configure postfixadmin the way any PHP application is configured: fill in the information needed to reach the database. The setup_password value is filled in later:

    $ sudo vi /var/www/postfixadmin/config.inc.php
    ...
    $CONF['configured'] = true;
    $CONF['setup_password'] = '稍后替代';  // placeholder ("replace later"), filled in below
    $CONF['postfix_admin_url'] = 'http://mail.vpsee.com/postfixadmin';
    $CONF['database_type'] = 'mysql';
    $CONF['database_host'] = 'localhost';
    $CONF['database_user'] = 'mail';
    $CONF['database_password'] = 'password';
    $CONF['database_name'] = 'mail';
    $CONF['admin_email'] = 'admin@vpsee.com';
    $CONF['encrypt'] = 'md5crypt';
    ...

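Open http://mail.vpsee.com/postfixadmin/setup.php in a browser, then replace the placeholder in $CONF['setup_password'] = '稍后替代' above with the hashed password string.

For security, it is best to block web access to setup.php afterwards. A bare "deny from all" in this .htaccess would block the whole Postfix Admin directory, so restrict it to the one file. Note that .htaccess is only honoured where AllowOverride permits it, so confirm afterwards that requesting setup.php returns 403 Forbidden:

    $ sudo vi /var/www/postfixadmin/.htaccess

    <Files "setup.php">
    deny from all
    </Files>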

Configuring Dovecot

Add a vmail account to the system:

    $ sudo useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual Mail" vmail
    $ sudo mkdir /var/vmail
    $ sudo chmod 770 /var/vmail
    $ sudo chown vmail:mail /var/vmail

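Now configure Dovecot. Dovecot supports several authentication methods; here we use database authentication. Note that the configuration files below include one another, which looks messy at first: 10-auth.conf contains the line !include auth-sql.conf.ext, which pulls in /etc/dovecot/conf.d/auth-sql.conf.ext, and auth-sql.conf.ext in turn pulls in /etc/dovecot/dovecot-sql.conf.ext, described below. This way you can switch authentication methods simply by using a different include. It looks complicated at first, but once you are used to it, it is quite convenient.

    $ sudo vi /etc/dovecot/conf.d/10-auth.conf

    disable_plaintext_auth = yes
    auth_mechanisms = plain login

    !include auth-sql.conf.ext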

Configure Dovecot's database parameters so that it can reach the mail database created earlier. default_pass_scheme has to match the $CONF['encrypt'] scheme set in Postfix Admin (md5crypt), and each multi-line query needs a trailing backslash on every line that continues:

    $ sudo vi /etc/dovecot/dovecot-sql.conf.ext
    ...
    driver = mysql
    connect = host=localhost dbname=mail user=mail password=password
    default_pass_scheme = MD5-CRYPT
    ...
    password_query = \
       SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, \
       'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid \
       FROM mailbox WHERE username = '%u' AND active = '1'

    user_query = \
       SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, \
       150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota \
       FROM mailbox WHERE username = '%u' AND active = '1'
    ...

Where on the server is each user's mail stored? The mail location has to be set to /var/vmail, the directory created above together with the vmail account:

    $ sudo vi /etc/dovecot/conf.d/10-mail.conf
    ...
    mail_location = maildir:/var/vmail/%d/%n
    mail_uid = vmail
    mail_gid = mail
    ...

Edit /etc/dovecot/conf.d/10-master.conf:

    $ sudo vi /etc/dovecot/conf.d/10-master.conf
    ...
    service auth {
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
        group = mail
      }
      unix_listener /var/spool/postfix/private/auth {
        mode = 0660
        user = postfix
        group = postfix
      }
    ...

Make sure Dovecot has permission to read its configuration files:

    $ sudo chown -R vmail:dovecot /etc/dovecot
    $ sudo chmod -R o-rwx /etc/dovecot

Configuring Amavis, ClamAV, SpamAssassin

Add the clamav and amavis users to each other's groups so that they can access each other's files, then configure the filter mode (the array entries are Perl references, so each one keeps its leading backslash):

    $ sudo adduser clamav amavis
    $ sudo adduser amavis clamav

    $ sudo vi /etc/amavis/conf.d/15-content_filter_mode
    use strict;
    @bypass_virus_checks_maps = (
       \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    @bypass_spam_checks_maps = (
       \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
    1; # ensure a defined return

Enable SpamAssassin:

    $ sudo vi /etc/default/spamassassin
    ...
    ENABLED=1
    CRON=1
    ...

Configuring Postfix

main.cf is the main Postfix configuration file:

    $ sudo vi /etc/postfix/main.cf
    ...
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes

    myhostname = mail.vpsee.com
    myorigin = /etc/hostname
    mydestination = mail.vpsee.com, localhost
    mynetworks = 127.0.0.0/8
    inet_interfaces = all
    mynetworks_style = host

    virtual_mailbox_base = /var/vmail/
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

    mail_spool_directory = /var/mail
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1

    content_filter = amavis:[127.0.0.1]:10024

    header_checks = regexp:/etc/postfix/header_checks
    ...

Note the line header_checks = regexp:/etc/postfix/header_checks in the configuration above. The header_checks file does not exist yet, so create it with the following content. It filters out some information and gives your mail a little more privacy:

    $ sudo vi /etc/postfix/header_checks
    /^Received:/                 IGNORE
    /^User-Agent:/               IGNORE
    /^X-Mailer:/                 IGNORE
    /^X-Originating-IP:/         IGNORE
    /^x-cr-[a-z]*:/              IGNORE
    /^Thread-Index:/             IGNORE
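The added example below (not part of the original article) dry-runs the six IGNORE rules against a constructed message, so you can see which lines are dropped, including folded continuation lines and headers written in a different case, while body text is left alone. The awk matcher is a simplified stand-in for Postfix's regexp table, and the function names, hosts and addresses in the sample are made up.

```shell
# Added example: apply the IGNORE rules of a header_checks table to a message.
# Simplifications: only "/pattern/ IGNORE" rules, patterns without spaces.
apply_header_checks() {   # $1 = header_checks file, $2 = message file
    awk '
        FILENAME == ARGV[1] {                        # first file: the rule table
            if (NF == 0 || $1 ~ /^#/ || $NF != "IGNORE") next
            pat = $1
            sub(/^\//, "", pat); sub(/\/$/, "", pat)  # strip the /.../ delimiters
            rules[++n] = tolower(pat)                 # regexp tables ignore case by default
            next
        }
        body     { print; next }                      # after the headers: copy verbatim
        /^$/     { body = 1; print; next }            # blank line ends the header block
        /^[ \t]/ { if (!drop) print; next }           # folded line follows its header
        {
            drop = 0
            for (i = 1; i <= n; i++)
                if (tolower($0) ~ rules[i]) { drop = 1; break }
            if (!drop) print
        }
    ' "$1" "$2"
}

write_sample() {          # $1 = directory; writes constructed sample files
    cat > "$1/header_checks" <<'EOF'
/^Received:/                 IGNORE
/^User-Agent:/               IGNORE
/^X-Mailer:/                 IGNORE
/^X-Originating-IP:/         IGNORE
/^x-cr-[a-z]*:/              IGNORE
/^Thread-Index:/             IGNORE
EOF
    cat > "$1/message.eml" <<'EOF'
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.vpsee.com (Postfix) with ESMTP id 0000000000
From: test1@vpsee.com
To: test2@vpsee.com
user-agent: ExampleMailer/1.0
Subject: a test message

Received: this line is body text and must survive
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp" &&
    apply_header_checks "$tmp/header_checks" "$tmp/message.eml"
rm -rf "$tmp"
```

Because header_checks in main.cf applies to every message the cleanup daemon handles, the Received rule also removes the trace headers of inbound mail, which makes delivery problems and abuse reports harder to trace. On the server itself, `postmap -q "Received: from x" regexp:/etc/postfix/header_checks` tests a single header against the real table.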

The master.cf file needs to be configured as well:

    $ sudo vi /etc/postfix/master.cf
    ...
    smtps     inet  n       -       -       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_auth_only=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
      -o smtpd_sasl_security_options=noanonymous,noplaintext
      -o smtpd_sasl_tls_security_options=noanonymous

    amavis      unix    -       -       -       -       2       smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
      -o max_use=20
    127.0.0.1:10025 inet    n       -       -       -       -       smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_delay_reject=no
      -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_end_of_data_restrictions=
      -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
      -o smtpd_client_connection_count_limit=0
      -o smtpd_client_connection_rate_limit=0
      -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

    dovecot      unix   -        n      n       -       -   pipe
      flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/dovecot-lda -d $(recipient)

A few more files need to be created:

    $ sudo vi /etc/postfix/mysql_virtual_alias_domainaliases_maps.cf
    user = mail
    password = password
    hosts = 127.0.0.1
    dbname = mail
    query = SELECT goto FROM alias,alias_domain
      WHERE alias_domain.alias_domain = '%d'
      AND alias.address=concat('%u', '@', alias_domain.target_domain)
      AND alias.active = 1

    $ sudo vi /etc/postfix/mysql_virtual_alias_maps.cf
    user = mail
    password = password
    hosts = 127.0.0.1
    dbname = mail
    table = alias
    select_field = goto
    where_field = address
    additional_conditions = and active = '1'

    $ sudo vi /etc/postfix/mysql_virtual_domains_maps.cf
    user = mail
    password = password
    hosts = 127.0.0.1
    dbname = mail
    table = domain
    select_field = domain
    where_field = domain
    additional_conditions = and backupmx = '0' and active = '1'

    $ sudo vi /etc/postfix/mysql_virtual_mailbox_domainaliases_maps.cf
    user = mail
    password = password
    hosts = 127.0.0.1
    dbname = mail
    query = SELECT maildir FROM mailbox, alias_domain
      WHERE alias_domain.alias_domain = '%d'
      AND mailbox.username=concat('%u', '@', alias_domain.target_domain )
      AND mailbox.active = 1

    $ sudo vi /etc/postfix/mysql_virtual_mailbox_maps.cf
    user = mail
    password = password
    hosts = 127.0.0.1
    dbname = mail
    table = mailbox
    select_field = CONCAT(domain, '/', local_part)
    where_field = username
    additional_conditions = and active = '1'
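These map files, like dovecot-sql.conf.ext and config.inc.php earlier, hold the MySQL password in clear text, and the article only removes world access under /etc/dovecot. The added example below (not from the original article) lists files that contain a database password setting and are readable by "other", then removes those permission bits; the function names and the sample tree are made up for illustration.

```shell
# Added example: find password-bearing config files that "other" can read.
audit_secret_files() {            # args: directories to scan
    find "$@" -type f -perm -004 -exec grep -lE \
        '(^|[[:space:]])password[[:space:]]*=|database_password' {} + | sort
}

# Remove all "other" permissions from every file the audit reports.
lock_down_secret_files() {
    audit_secret_files "$@" | while IFS= read -r f; do
        chmod o-rwx "$f"
    done
}

# Constructed sample tree that mirrors the kinds of files written in this article.
make_sample_tree() {              # $1 = empty directory
    mkdir -p "$1/postfix" "$1/dovecot"
    printf 'user = mail\npassword = password\nhosts = 127.0.0.1\ndbname = mail\n' \
        > "$1/postfix/mysql_virtual_alias_maps.cf"
    printf 'myhostname = mail.vpsee.com\n' > "$1/postfix/main.cf"
    printf 'driver = mysql\nconnect = host=localhost dbname=mail user=mail password=password\n' \
        > "$1/dovecot/dovecot-sql.conf.ext"
    chmod 644 "$1/postfix/mysql_virtual_alias_maps.cf" "$1/postfix/main.cf"
    chmod 640 "$1/dovecot/dovecot-sql.conf.ext"
}

root=$(mktemp -d) && make_sample_tree "$root"
echo "world-readable before:"; audit_secret_files "$root"
lock_down_secret_files "$root"
echo "world-readable after:";  audit_secret_files "$root"
rm -rf "$root"
```

On the server, run `audit_secret_files /etc/postfix /etc/dovecot /var/www/postfixadmin`. A common arrangement for the Postfix map files is owner root, group postfix, mode 640, so set the group before removing the "other" bits.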

That's it. Restart the services involved:

    $ sudo service spamassassin restart
    $ sudo service clamav-daemon restart
    $ sudo service amavis restart
    $ sudo service dovecot restart
    $ sudo service postfix restart

Testing Postfix

Connect to port 25 (SMTP) of the mail server with telnet and send the command HELO mail.vpsee.com; the server answers with the confirmation 250 mail.vpsee.com:

    $ telnet mail2.vpsee.com 25

    Trying 192.168.2.66...
    Connected to mail.vpsee.com.
    Escape character is '^]'.
    220 mail.vpsee.com ESMTP Postfix (Ubuntu)
    HELO mail.vpsee.com
    250 mail.vpsee.com

Now try sending a message with telnet. In the session below, MAIL FROM, RCPT TO, DATA, . and QUIT are all commands:

    $ telnet mail2.vpsee.com 25

    Trying 192.168.2.66...
    Connected to mail.vpsee.com.
    Escape character is '^]'.
    220 mail.vpsee.com ESMTP Postfix (Ubuntu)
    MAIL FROM:<test1@vpsee.com>
    250 2.1.0 Ok
    RCPT TO:<test2@vpsee.com>
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    Subject: a test message
    This is a test message!
    .
    250 2.0.0 Ok: queued as 6832FF0036
    QUIT
    221 2.0.0 Bye
    Connection closed by foreign host.

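Log in to the mail server over ssh and look in the /var/vmail mail directory to verify whether user test2 received the message from user test1. The message can of course also be fetched to a local computer with tools such as Mail.app, Thunderbird or Mutt.

Source: http://www.vpsee.com/2012/06/install-mail-server-on-ubuntu-12-04/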
