Install and Configure Postfix and Dovecot

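This is the second post in our series on setting up and configuring a mail server. In this post, we will show you how to install and configure Postfix and Dovecot, the two main components of our mail system.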

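Postfix is an open-source mail transfer agent (MTA), a service used to send and receive email. Dovecot is an IMAP/POP3 server, and in our setup it will also handle local delivery and user authentication.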

This tutorial was written for Ubuntu 16.04, but the same steps should work with small modifications on any newer version of Ubuntu.

Prerequisites

Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges.

Install Postfix and Dovecot

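The Dovecot packages in Ubuntu's default repositories are outdated. To take advantage of the imap_sieve module, we will install Dovecot from the Dovecot community repository.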

Add the repository GPG key to your apt sources keyring using the following wget command:

wget -O- https://repo.dovecot.org/DOVECOT-REPO-GPG | sudo apt-key add -

Enable the Dovecot community repository with the following command:

echo "deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee -a /etc/apt/sources.list.d/dovecot.list
sudo apt update
sudo debconf-set-selections <<< "postfix postfix/mailname string $(hostname -f)"
sudo debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
sudo apt install postfix postfix-mysql dovecot-imapd dovecot-lmtpd dovecot-pop3d dovecot-mysql

Postfix Configuration

We will set up Postfix to use virtual mailboxes and domains.

Start by creating the sql configuration files that tell Postfix how to access the MySQL database created in the first part of this series.

sudo mkdir -p /etc/postfix/sql

Open your text editor and create the following files:

/etc/postfix/sql/mysql_virtual_domains_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT domain FROM domain WHERE domain='%s' AND active="1"

/etc/postfix/sql/mysql_virtual_alias_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias WHERE address="%s" AND active="1"

/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active="1"

/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query  = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active="1"

/etc/postfix/sql/mysql_virtual_mailbox_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox WHERE username="%s" AND active="1"

/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

user = postfixadmin
password = P4ssvv0rD
hosts = 127.0.0.1
dbname = postfixadmin
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active="1"

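After creating the SQL configuration files, update the main Postfix configuration file to include information about the virtual domains, users, and aliases stored in the MySQL database.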

sudo postconf -e "virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf"
sudo postconf -e "virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf"
sudo postconf -e "virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf"

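The postconf command displays the actual values of configuration parameters, changes configuration parameter values, or displays other configuration information about the Postfix mail system.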
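
Each of the map files created above stores the database password in clear text, so none of them should be readable by every local account. The check below is an added example, not part of the original tutorial; the function names and the sample files are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original tutorial): find lookup tables that
# embed the database password and are readable by every local user.

audit_sql_maps() {
    dir=$1
    rc=0
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        # Only files that carry a "password =" line are of interest.
        grep -Eq '^[[:space:]]*password[[:space:]]*=' "$f" || continue
        # -perm -004 is true when the read bit for "other" is set.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "world-readable: ${f##*/}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: two map files in a scratch directory, one left at 0644.
make_sample_maps() {
    d=$(mktemp -d) || return 1
    printf 'user = postfixadmin\npassword = CONSTRUCTED\n' > "$d/mysql_virtual_domains_maps.cf"
    printf 'user = postfixadmin\npassword = CONSTRUCTED\n' > "$d/mysql_virtual_alias_maps.cf"
    chmod 644 "$d/mysql_virtual_domains_maps.cf"
    chmod 640 "$d/mysql_virtual_alias_maps.cf"
    echo "$d"
}

sample=$(make_sample_maps)
audit_sql_maps "$sample" || echo "tighten the files listed above"
rm -rf "$sample"
```

On the mail server, run audit_sql_maps /etc/postfix/sql. A common fix is chgrp postfix plus chmod 640 on each reported file, so that only root and the postfix group can read the password.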

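The local delivery agent delivers incoming email to users' mailboxes. Run the following command to set Dovecot's LMTP service as the default mail delivery transport: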

sudo postconf -e "virtual_transport = lmtp:unix:private/dovecot-lmtp"

Set the TLS parameters using the previously generated Let's Encrypt SSL certificate:

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/mail.linuxize.com/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/mail.linuxize.com/privkey.pem'

Configure the authenticated SMTP settings and hand off authentication to Dovecot:

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'smtpd_sasl_local_domain ='
sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

We also need to edit the Postfix master configuration file master.cf and enable the submission port (587) and the smtps port (465).

Open the file with your text editor and uncomment/edit the following lines:

/etc/postfix/master.cf

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
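
Uncommenting by hand makes it easy to leave one override behind, and a submission entry without smtpd_tls_security_level=encrypt will accept logins over an unencrypted connection. The check below is an added example, not part of the original tutorial; the function names and the sample file are constructed, and it assumes each override sits on its own "-o name=value" continuation line as in the listing above:

```shell
#!/bin/sh
# Added example (not from the original tutorial): confirm that the submission
# and smtps entries of a master.cf carry the overrides that require TLS and
# SASL. Assumes every override is on its own "-o name=value" continuation line.

check_master_cf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # comment or blank line
        /^[^ \t]/  { svc = $1; next }               # first line of a service entry
        $1 == "-o" { opts[svc] = opts[svc] " " $2 " " }
        function need(s, o) {
            if (index(opts[s], " " o " ") == 0) { print s ": missing " o; bad = 1 }
        }
        END {
            n = split("submission smtps", svcs, " ")
            for (i = 1; i <= n; i++) {
                need(svcs[i], "smtpd_sasl_auth_enable=yes")
                need(svcs[i], "smtpd_client_restrictions=permit_sasl_authenticated,reject")
            }
            need("submission", "smtpd_tls_security_level=encrypt")
            need("smtps", "smtpd_tls_wrappermode=yes")
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the TLS override of "submission" is still commented out.
make_sample_master_cf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
smtp       inet n       -       y       -       -       smtpd
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps      inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
EOF
    echo "$f"
}

cf=$(make_sample_master_cf)
check_master_cf "$cf" || echo "master.cf needs attention"
rm -f "$cf"
```

On the mail server, run check_master_cf /etc/postfix/master.cf before restarting Postfix.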

Restart the Postfix service for the changes to take effect.

sudo systemctl restart postfix

At this point, you have successfully configured the Postfix service.

Configure Dovecot

In this section, we will configure Dovecot to match our setup. Make sure to edit the lines highlighted in yellow.

Start by configuring the dovecot-sql.conf.ext file, which tells Dovecot how to access the database and how to look up information about email accounts.

/etc/dovecot/dovecot-sql.conf.ext

driver = mysql
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
default_pass_scheme = MD5-CRYPT
iterate_query = SELECT username AS user FROM mailbox
user_query = SELECT CONCAT('/var/mail/vmail/',maildir) AS home, \
  CONCAT('maildir:/var/mail/vmail/',maildir) AS mail, \
  5000 AS uid, 5000 AS gid, CONCAT('*:bytes=',quota) AS quota_rule \
  FROM mailbox WHERE username = '%u' AND active = 1
password_query = SELECT username AS user,password FROM mailbox \
  WHERE username = '%u' AND active = '1'

Don't forget to use the correct MySQL credentials (dbname, user, and password).

Next, edit the conf.d/10-mail.conf file and change the following variables:

/etc/dovecot/conf.d/10-mail.conf

...
mail_location = maildir:/var/mail/vmail/%d/%n
...
mail_uid = vmail
mail_gid = vmail
...
first_valid_uid = 5000
last_valid_uid = 5000
...
mail_privileged_group = vmail
...
mail_plugins = quota
...

To make authentication work, open conf.d/10-auth.conf, edit the following lines, and include the auth-sql.conf.ext file:

/etc/dovecot/conf.d/10-auth.conf

...
disable_plaintext_auth = yes
...
auth_mechanisms = plain login
...
#!include auth-system.conf.ext
!include auth-sql.conf.ext
...

Open the conf.d/10-master.conf file and modify it as follows:

/etc/dovecot/conf.d/10-master.conf

...
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
...
}
...
service auth {
  ...
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
  ...
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
  ...
}
...
service auth-worker {
  user = vmail
}
...
service dict {
  unix_listener dict {
    mode = 0660
    user = vmail
    group = vmail
  }
}
...
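
The listing above gives the /var/spool/postfix/private/auth socket mode 0666 even though its owner and group are both postfix, so 0660 already gives Postfix the access it needs. The lint below is an added example, not part of the original tutorial; the function names and the sample file are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original tutorial): list Dovecot unix_listener
# sockets whose mode grants access to "other" users.

lint_listeners() {
    awk '
        $1 == "unix_listener" { name = $2; next }   # entering a listener block
        $1 == "}"             { name = ""; next }   # leaving the current block
        name != "" && $1 == "mode" && $2 == "=" {
            # The last octal digit holds the permission bits for "other".
            if (substr($3, length($3), 1) != "0") {
                print name " mode=" $3
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample that mirrors the listener blocks shown above.
make_sample_master() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
EOF
    echo "$f"
}

conf=$(make_sample_master)
lint_listeners "$conf" || echo "review the sockets listed above"
rm -f "$conf"
```

On the mail server, run lint_listeners /etc/dovecot/conf.d/10-master.conf after editing the file.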

Open conf.d/10-ssl.conf and enable SSL/TLS.

/etc/dovecot/conf.d/10-ssl.conf

...
ssl = yes
...
ssl_cert = </etc/letsencrypt/live/mail.linuxize.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.linuxize.com/privkey.pem
ssl_dh = </etc/ssl/certs/dhparam.pem
...
ssl_cipher_list = EECDH+AES:EDH+AES+aRSA
...
ssl_prefer_server_ciphers = yes
...

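Make sure you use the correct paths to the SSL certificate files. If you have followed this series from the beginning, you should already have the fullchain.pem, privkey.pem, and dhparam.pem files created on your server. For more information on how to create a free Let's Encrypt SSL certificate and a Diffie-Hellman key, see this tutorial. Thanks to Nevyn for noticing this issue and providing a solution.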

Open the conf.d/20-imap.conf file and activate the imap_quota plugin:

/etc/dovecot/conf.d/20-imap.conf

...
protocol imap {
  ...
  mail_plugins = $mail_plugins imap_quota
  ...
}
...

Open the conf.d/20-lmtp.conf file and edit it as follows:

/etc/dovecot/conf.d/20-lmtp.conf

...
protocol lmtp {
  postmaster_address = [email protected]
  mail_plugins = $mail_plugins
}
...

Define the default mailboxes in the conf.d/15-mailboxes.conf file:

/etc/dovecot/conf.d/15-mailboxes.conf

...
mailbox Drafts {
  special_use = Drafts
}
mailbox Spam {
  special_use = Junk
  auto = subscribe
}
mailbox Junk {
  special_use = Junk
}
...

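There are two different kinds of quota size, one set for the whole domain and one set for each user mailbox. In the previous part of this series, we enabled quota support in PostfixAdmin, which means the quota information is stored in the PostfixAdmin database.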

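Now we need to configure Dovecot to connect to the database, handle the quota limits, and run a script that sends mail to users when their quota exceeds the specified limit. To do this, open the conf.d/90-quota.conf file and modify it as follows: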

/etc/dovecot/conf.d/90-quota.conf

plugin {
  quota = dict:User quota::proxy::sqlquota
  quota_rule = *:storage=5GB
  quota_rule2 = Trash:storage=+100M
  quota_grace = 10%%
  quota_exceeded_message = Quota exceeded, please contact your system administrator.
  quota_warning = storage=100%% quota-warning 100 %u
  quota_warning2 = storage=95%% quota-warning 95 %u
  quota_warning3 = storage=90%% quota-warning 90 %u
  quota_warning4 = storage=85%% quota-warning 85 %u
}

service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  user = vmail

  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}

dict {
  sqlquota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}

We also need to tell Dovecot how to access the quota SQL dictionary. Open the dovecot-dict-sql.conf.ext file and edit the following lines:

/etc/dovecot/dovecot-dict-sql.conf.ext

...
connect = host=127.0.0.1 dbname=postfixadmin user=postfixadmin password=P4ssvv0rD
...
map {
  pattern = priv/quota/storage
  table = quota2
  username_field = username
  value_field = bytes
}
map {
  pattern = priv/quota/messages
  table = quota2
  username_field = username
  value_field = messages
}
...
# map {
#   pattern = shared/expire/$user/$mailbox
#   table = expires
#   value_field = expire_stamp
#
#   fields {
#     username = $user
#     mailbox = $mailbox
#   }
# }
...

Make sure you use the correct MySQL credentials (dbname, user, and password).

Create the following shell script, which sends an email to the user when their quota exceeds the specified limit:

/usr/local/bin/quota-warning.sh

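#!/bin/sh
# Called by Dovecot's quota-warning service with the threshold and the user.
PERCENT=$1
USER=$2
# Deliver the notice with quota enforcement off so it reaches a full mailbox.
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "$USER" -o "plugin/quota=dict:User quota::noenforcing:proxy::sqlquota"
From: [email protected]
Subject: Quota warning

Your mailbox is now $PERCENT% full.
EOF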

Make the script executable by running the following chmod command:

sudo chmod +x /usr/local/bin/quota-warning.sh

Finally, restart the Dovecot service for the changes to take effect.

sudo systemctl restart dovecot

Conclusion

By now you should have a fully functional mail system. In the next part of this series, we will show you how to install and integrate Rspamd.

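This post is part of the "Setting up and configuring a mail server" series. Other posts in this series:

• Set up a mail server with PostfixAdmin (March 1, 2018)
• Install and Configure Postfix and Dovecot (March 2, 2018)
• Install and Integrate Rspamd (March 8, 2018)
• Install and Configure Roundcube Webmail (March 12, 2018)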