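How To Configure a Mail Server Using Postfix, Dovecot, MySQL, and SpamAssassin
Introduction
In this tutorial, we are going to configure a mail server using Postfix, Dovecot, MySQL and SpamAssassin on Ubuntu 12.04.
Following this tutorial, you will be able to add virtual domains, users, and aliases. In addition, your virtual server will be protected against spam hubs.
Prerequisites
Before setting up your mail server, your VPS must have the following:
* Domain is forwarding to your server (setup domain)
* MySQL installed and configured (setup mysql)
* User with root privileges (setup new users - omit step 5)
* Configure and identify your FQDN (setup FQDN)
Optional: SSL certificate (setup free signed SSL certificate)
Optional (log in as root user)
Installing packages as the root user is useful because you have all privileges.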
sudo -i
Enter your user password. Once it succeeds, you will see the $ symbol change to #.
Step 1: Install Packages
apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql
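When the Postfix configuration prompts you, choose Internet Site:
The Postfix configuration will ask for the system mail name - you can use your FQDN or main domain.
Step 2: Create a MySQL Database, Virtual Domains, Users and Aliases
After the installation has finished, we are going to create a MySQL database to configure three different tables: one for domains, one for users and the last one for aliases.
We are going to name the database servermail, but you can use whatever name you want.
Create the servermail database: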
mysqladmin -p create servermail
Log in as the MySQL root user
mysql -u root -p
Enter your MySQL root password; if it is successful you will see:
mysql >
First, we need to create a new user, used only for mail authentication, and grant it the SELECT privilege.
mysql > GRANT SELECT ON servermail.* TO 'usermail'@'127.0.0.1' IDENTIFIED BY 'mailpassword';
After that, we need to reload the MySQL privileges to ensure the permissions are applied successfully:
mysql > FLUSH PRIVILEGES;
Finally, we need to select the database so that we can create the tables and introduce our data:
mysql> USE servermail;
We are going to create a table for the specific domains that are recognized as authorized domains.
CREATE TABLE `virtual_domains` (
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
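We are going to create a table to introduce the users. Here you will add the email addresses and passwords. Each user must be associated with a domain.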
CREATE TABLE `virtual_users` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`password` VARCHAR(106) NOT NULL,
`email` VARCHAR(120) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
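Finally, we are going to create a virtual aliases table to specify all the emails that you are going to forward to another email address.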
CREATE TABLE `virtual_aliases` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
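We have created the three tables successfully. Now we are going to introduce the data.
Virtual Domains
Here we are going to introduce your domains inside the virtual_domains table. You can add all the domains you want, but in this tutorial we are going to introduce just the primary domain (example.com) and your FQDN (hostname.example.com).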
INSERT INTO `servermail`.`virtual_domains`
(`id` ,`name`)
VALUES
('1', 'example.com'),
('2', 'hostname.example.com');
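Virtual Emails
We are going to introduce the email address and password associated with each domain. Make sure you replace all of the values with your own information.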
INSERT INTO `servermail`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email1@example.com'),
('2', '1', ENCRYPT('secondpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email2@example.com');
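The INSERT above hashes each password inside MySQL with ENCRYPT() and a '$6$' (SHA-512 crypt) salt. As an added example that is not part of the original tutorial, the shell functions below produce and check the same hash format with openssl, so the plaintext password never has to appear in an SQL statement. It assumes OpenSSL 1.1.1 or later (for "passwd -6"); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate and verify SHA512-CRYPT hashes for
# virtual_users.password. Assumes OpenSSL >= 1.1.1 (openssl passwd -6).
# Function names are hypothetical.

# new_salt: 16 characters from the crypt alphabet [./0-9A-Za-z].
new_salt() {
    # 12 random bytes give exactly 16 base64 characters; '+' is not a
    # crypt salt character, so map it to '.'.
    openssl rand -base64 12 | tr '+' '.'
}

# hash_password SALT: reads the password from stdin, prints "$6$SALT$DIGEST".
hash_password() {
    openssl passwd -6 -salt "$1" -stdin
}

# valid_hash HASH: succeeds only if HASH has the SHA512-CRYPT shape and fits
# the VARCHAR(106) column ($6$ + 16-char salt + $ + 86-char digest).
valid_hash() {
    [ "${#1}" -eq 106 ] || return 1
    printf '%s\n' "$1" | grep -Eq '^\$6\$[./0-9A-Za-z]{16}\$[./0-9A-Za-z]{86}$'
}

# verify_password STORED_HASH: reads a candidate password from stdin and
# re-hashes it with the salt taken from STORED_HASH, which is how a
# crypt-based verifier checks a login.
verify_password() {
    salt=$(printf '%s\n' "$1" | cut -d'$' -f3)
    [ "$(hash_password "$salt")" = "$1" ]
}

# Constructed sample run with the tutorial's placeholder password.
demo_hash=$(printf '%s\n' 'firstpassword' | hash_password "$(new_salt)")
valid_hash "$demo_hash" && echo "hash is well-formed (${#demo_hash} chars)"
printf '%s\n' 'firstpassword' | verify_password "$demo_hash" && echo "password matches"
```

A hash that passes valid_hash can be stored in the password column as a plain string literal in place of the ENCRYPT(...) expression.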
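Virtual Aliases
We are going to introduce the email address (source) that we are going to forward to the other email address (destination).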
INSERT INTO `servermail`.`virtual_aliases`
(`id`, `domain_id`, `source`, `destination`)
VALUES
('1', '1', 'alias@example.com', 'email1@example.com');
Exit MySQL
mysql > exit
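Step 3: Configure Postfix
We are going to configure Postfix to handle the SMTP connections and deliver the messages for each user introduced in the MySQL database.
First, we need to create a copy of the default file, in case you want to revert to the default configuration.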
cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
Open the main.cf file to modify it:
nano /etc/postfix/main.cf
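First, we need to comment out the TLS parameters and append other parameters. In this tutorial, we are using the free SSL certificates and the paths suggested in the tutorial (link), but you can modify them depending on your personal configuration.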
# TLS parameters
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_use_tls=yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem
smtpd_tls_key_file=/etc/ssl/private/dovecot.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
Then we are going to append the following parameters below the TLS settings that we changed in the previous step:
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination
We need to comment out the default mydestination settings and replace them with localhost. This change allows your VPS to use the virtual domains inside the MySQL table.
#mydestination = example.com, hostname.example.com, localhost.example.com, localhost
mydestination = localhost
Verify that the myhostname parameter is set to your FQDN.
myhostname = hostname.example.com
Append the following line for local mail delivery to all virtual domains listed inside the MySQL table.
virtual_transport = lmtp:unix:private/dovecot-lmtp
Finally, we need to add these three parameters to tell Postfix where to look up the virtual domains, users and aliases.
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/x9fpm9v1dr86gkw/etc-postfix-main.cf.txt
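We are going to create the three files that we referenced at the end of the main.cf file, to tell Postfix how to connect to MySQL.
First we need to create the mysql-virtual-mailbox-domains.cf file. You need to change the values depending on your personal configuration.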
nano /etc/postfix/mysql-virtual-mailbox-domains.cf
user = usermail
password = mailpassword
hosts = 127.0.0.1
dbname = servermail
query = SELECT 1 FROM virtual_domains WHERE name='%s'
Then we need to restart Postfix.
service postfix restart
We need to ensure that Postfix finds your domain, so we test it with the following command. If it is successful, it should return 1:
postmap -q example.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
Then we need to create the mysql-virtual-mailbox-maps.cf file.
nano /etc/postfix/mysql-virtual-mailbox-maps.cf
user = usermail
password = mailpassword
hosts = 127.0.0.1
dbname = servermail
query = SELECT 1 FROM virtual_users WHERE email='%s'
We need to restart Postfix again.
service postfix restart
Now we are going to ensure that Postfix finds your first email address with the following command. If it is successful, it should return 1:
postmap -q email1@example.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
Finally, we are going to create the last file to configure the connection between Postfix and MySQL.
nano /etc/postfix/mysql-virtual-alias-maps.cf
user = usermail
password = mailpassword
hosts = 127.0.0.1
dbname = servermail
query = SELECT destination FROM virtual_aliases WHERE source='%s'
Restart Postfix
service postfix restart
We need to verify that Postfix can find your aliases. Enter the following command; it should return the mail address that the alias forwards to:
postmap -q alias@example.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
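The three mysql-virtual-*.cf files created above each contain the MySQL password in clear text. As an added example that is not part of the original tutorial, this script reports any of them that other local users can read or write, and shows one way to tighten them. The root:postfix ownership and 0640 mode are an assumption about how Postfix runs on this system, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the map files from this tutorial that hold the MySQL
# password. Function names are hypothetical.

MAP_FILES="/etc/postfix/mysql-virtual-mailbox-domains.cf
/etc/postfix/mysql-virtual-mailbox-maps.cf
/etc/postfix/mysql-virtual-alias-maps.cf"

# world_accessible FILE: succeeds if "other" has read or write permission.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 \) 2>/dev/null)" ]
}

# holds_password FILE: succeeds if FILE has a non-empty "password =" setting.
holds_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=[[:space:]]*[^[:space:]]' "$1" 2>/dev/null
}

# audit_files FILE...: prints one line per exposed credential file and
# returns the number of findings as its exit status.
audit_files() {
    findings=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if holds_password "$f" && world_accessible "$f"; then
            echo "EXPOSED: $f contains a password and is accessible to all local users"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# tighten FILE...: owner root, group postfix (assumed), no access for others.
tighten() {
    chown root:postfix "$@" && chmod 0640 "$@"
}

# Run against the tutorial's files when they exist on this host.
# shellcheck disable=SC2086
audit_files $MAP_FILES || echo "fix with: tighten <file>... (as root), then re-run postmap -q"
```

After tightening, repeat the postmap -q tests above to confirm Postfix can still read the files.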
If you want to enable port 587 so that email clients can connect securely, you need to modify the /etc/postfix/master.cf file
nano /etc/postfix/master.cf
We need to uncomment these lines and append other parameters:
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
In some cases, we need to restart Postfix to ensure port 587 is open.
service postfix restart
Note: You can use this tool to scan your domain ports and verify that ports 25 and 587 are open (http://mxtoolbox.com/SuperTool.aspx)
Step 4: Configure Dovecot
We are going to copy the 7 files we're going to modify, so that you can revert them to the defaults if you need to. Enter the following commands one by one:
cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig
cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig
cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig
cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig
cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
Edit the Dovecot configuration file.
nano /etc/dovecot/dovecot.conf
Verify this option is uncommented.
!include conf.d/*.conf
We are going to enable protocols (add pop3 if you want to) below the !include_try /usr/share/dovecot/protocols.d/*.protocol line.
!include_try /usr/share/dovecot/protocols.d/*.protocol
protocols = imap lmtp
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/wmbe3bwy0vcficj/etc-dovecot-dovecot.conf.txt
Then we are going to edit the mail configuration file:
nano /etc/dovecot/conf.d/10-mail.conf
Find the mail_location line, uncomment it, and set the following parameter:
mail_location = maildir:/var/mail/vhosts/%d/%n
Find the mail_privileged_group line, uncomment it, and add the mail parameter like so:
mail_privileged_group = mail
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/hnfeieuy77m5b0a/etc.dovecot.conf.d-10-mail.conf.txt
Verify permissions
Enter this command:
ls -ld /var/mail
Ensure permissions are like this:
drwxrwsr-x 3 root vmail 4096 Jan 24 21:23 /var/mail
We are going to create a folder for each domain that we register in the MySQL table:
mkdir -p /var/mail/vhosts/example.com
Create a vmail user and group with an id of 5000
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /var/mail
We need to change the owner of the /var/mail folder to the vmail user.
chown -R vmail:vmail /var/mail
Then we need to edit the /etc/dovecot/conf.d/10-auth.conf file:
nano /etc/dovecot/conf.d/10-auth.conf
Uncomment plain text authentication and add this line:
disable_plaintext_auth = yes
Modify the auth_mechanisms parameter:
auth_mechanisms = plain login
Comment this line:
#!include auth-system.conf.ext
Enable MySQL authorization by uncommenting this line:
!include auth-sql.conf.ext
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/4h472nqrj700pqk/etc.dovecot.conf.d.10-auth.conf.txt
We need to create the /etc/dovecot/conf.d/auth-sql.conf.ext file, which points Dovecot at /etc/dovecot/dovecot-sql.conf.ext for your authentication information:
nano /etc/dovecot/conf.d/auth-sql.conf.ext
Enter the following code in the file:
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
We need to modify the /etc/dovecot/dovecot-sql.conf.ext file with our custom MySQL information:
nano /etc/dovecot/dovecot-sql.conf.ext
Uncomment the driver parameter and set mysql as parameter:
driver = mysql
Uncomment the connect line and introduce your MySQL specific information:
connect = host=127.0.0.1 dbname=servermail user=usermail password=mailpassword
Uncomment the default_pass_scheme line and change it to SHA-512.
default_pass_scheme = SHA512-CRYPT
Uncomment the password_query line and add this information:
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/48a5r0mtgdz25cz/etc.dovecot.dovecot-sql.conf.ext.txt
Change the owner of the /etc/dovecot folder to the vmail user and its group to dovecot, and remove access for all other users:
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
Open and modify the /etc/dovecot/conf.d/10-master.conf file (be careful, because several different parameters will be changed).
nano /etc/dovecot/conf.d/10-master.conf
##Uncomment inet_listener_imap and modify to port 0
service imap-login {
  inet_listener imap {
    port = 0
  }
  # (leave the other settings in this block unchanged)
}
#Create the LMTP socket with this configuration
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}
Modify the unix_listener parameters in service auth like this:
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    #group =
  }
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}
  user = dovecot
}
Modify service auth-worker like this:
service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
}
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/g0vnt233obh6v2h/etc.dovecot.conf.d.10-master.conf.txt
Finally, we are going to modify the SSL configuration file from Dovecot (skip this step if you are going to use default configuration).
nano /etc/dovecot/conf.d/10-ssl.conf
Change the ssl parameter to required:
ssl = required
And modify the path for ssl_cert and ssl_key:
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
Restart Dovecot
service dovecot restart
You should check that port 993 is open and working (in case you enable pop3; you should check also port 995).
telnet example.com 993
Congratulations. You have successfully configured your mail server and you may test your account using an email client:
- Username: email1@example.com
- Password: email1's password
- IMAP: example.com
- SMTP: example.com
Note: use port 993 for secure IMAP and port 587 or 25 for SMTP.
Step 5: Configure SpamAssassin
First we need to install SpamAssassin.
apt-get install spamassassin spamc
Then we need to create a user for SpamAssassin.
adduser spamd --disabled-login
To successfully configure SpamAssassin, it's necessary to open and modify the configuration settings.
nano /etc/default/spamassassin
We need to change the ENABLED parameter to enable the SpamAssassin daemon.
ENABLED=1
We need to configure the home and options parameters.
SPAMD_HOME="/home/spamd/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${SPAMD_HOME} -s ${SPAMD_HOME}spamd.log"
Then we need to specify the PIDFILE parameter like this:
PIDFILE="${SPAMD_HOME}spamd.pid"
Finally, we need to specify that SpamAssassin's rules will be updated automatically.
CRON=1
Note: Compare these changes with this file to detect mistakes or errors:
https://www.dropbox.com/s/ndvpgc2jipdd4bk/etc.default.spamassassin.txt
We need to open /etc/spamassassin/local.cf to set up the anti-spam rules.
nano /etc/spamassassin/local.cf
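SpamAssassin will score each mail, and if its spam check gives an email a score greater than 5.0, the email is automatically considered spam. You can use the following parameters to configure the anti-spam rules: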
rewrite_header Subject ***** SPAM _SCORE_ *****
report_safe 0
required_score 5.0
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0
We need to change the Postfix /etc/postfix/master.cf file to tell it that each email will be checked with SpamAssassin.
nano /etc/postfix/master.cf
Then we need to find the following line and add the spamassassin filter:
smtp inet n - - - - smtpd
  -o content_filter=spamassassin
Finally, we need to append the following parameters:
spamassassin unix - n n - - pipe
  user=spamd argv=/usr/bin/spamc -f -e
  /usr/sbin/sendmail -oi -f ${sender} ${recipient}
You need to start SpamAssassin and restart Postfix to begin checking emails for spam.
service spamassassin start
service postfix restart
Congratulations! You have successfully set up your mail server using Postfix and Dovecot, with MySQL authentication and spam filtering with SpamAssassin!