新域网络技术论坛

A Record of Setting Up a Mail Server on FreeBSD


Jamers

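A long, long time ago I ran mail servers on my own machines; on Windows I used MDaemon, CmailServer and so on. I host fewer and fewer services on Windows, and at present all my services run on FreeBSD. Around 2011 I started using QQ's domain mailbox service and kept using it until recently. Now I have found that Tencent's mail servers do not receive mail from abroad. With no other choice, I am bringing it back onto my own server.

I have used Postfix before. Back then it handled spam fairly well, and the one shortcoming was the lack of a good-looking, suitable webmail. This time I looked around and am using roundcube. I had originally planned to use openwebmail, but its interface is not attractive enough and CGI is a hassle to set up, whereas roundcube fits my habits completely: pure PHP, with a clean and attractive interface.

For now this provides only the most basic functions; anti-spam, anti-virus and other features will be adjusted later. Let's get started!

Installing Postfix: provides the SMTP service. Select the mysql option, since I want to use MySQL for authentication.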

cd /usr/ports/mail/postfix
make install clean

dovecot: provides the POP3, IMAP and other services.

cd /usr/ports/mail/dovecot/
make install clean

Configuring dovecot:

cp /usr/local/etc/dovecot/example-config/dovecot.conf /usr/local/etc/dovecot/
cp /usr/local/etc/dovecot/example-config/dovecot-sql.conf.ext /usr/local/etc/dovecot/
mkdir /usr/local/etc/dovecot/conf.d/
cp /usr/local/etc/dovecot/example-config/conf.d/* /usr/local/etc/dovecot/conf.d/

ee /usr/local/etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5
password_query = \
  SELECT username, domain, password \
  FROM users WHERE username = '%n' AND domain = '%d' AND active = 'Y'
user_query = \
  SELECT home, uid, gid \
  FROM users WHERE username = '%n' AND domain = '%d'
iterate_query = SELECT username AS user FROM users

Installing postfixadmin:

cd /usr/ports/mail/postfixadmin
make install clean

Create the database and user:

# Create the database
CREATE DATABASE postfix;
  
# Create user and allow him to read from the mail database
GRANT SELECT ON postfix.* TO 'postfix'@'localhost' IDENTIFIED BY 'postfix';
FLUSH PRIVILEGES;

Configure the postfixadmin access path yourself, and create the corresponding tables and data. It is located at:

/usr/local/www/postfixadmin

Create the MySQL maps:

Maps:
ee /usr/local/etc/postfix/mysql_virtual_alias_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
#query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

ee /usr/local/etc/postfix/mysql_virtual_domains_maps.cf
user = postfix
password = postfix
hosts = localhost
dbname = postfix
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

ee /usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix
dbname = postfix
hosts = localhost
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = '1'
#query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

ee /usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
user = postfix
password = postfix
dbname = postfix
hosts = localhost
table = mailbox
select_field = CONCAT(domain,'/',maildir)
where_field = username
additional_conditions = and active = '1'
#query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

Other configuration:

ee /usr/local/etc/postfix/master.cf
Add one line at the end:
dovecot unix - n n - - pipe flags=DRhu user=postfix:postfix argv=/usr/local/libexec/dovecot/deliver -d $(recipient)

Generating the TLS certificate:
openssl req -new -outform PEM -out /usr/local/etc/postfix/smtpd.cert -newkey rsa:2048 -nodes -keyout /usr/local/etc/postfix/smtpd.key -keyform PEM -days 3650 -x509
chmod 640 /usr/local/etc/postfix/smtpd.key
chgrp postfix /usr/local/etc/postfix/smtpd.key

cd /usr/local/share/examples/dovecot
ee dovecot-openssl.cnf   # change whatever needs changing
sh mkcert.sh

Installing roundcube:

cd /usr/ports/mail/roundcube
make install

The files are in: /usr/local/www/roundcube
After configuring, visit: http://xxxx/installer/

Configuring postfix: this is my current configuration; modify it to suit your own needs.

postconf -e 'virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf'
postconf -e 'virtual_mailbox_base = /var/spool/postfix'
postconf -e 'virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf'
postconf -e 'virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf'
postconf -e 'virtual_uid_maps = static:125'
postconf -e 'virtual_gid_maps = static:125'
postconf -e 'virtual_transport = dovecot'
postconf -e 'local_transport = virtual'
postconf -e 'local_recipient_maps = $virtual_mailbox_maps'
postconf -e 'transport_maps = hash:/usr/local/etc/postfix/transport'
postconf -e 'smtpd_sasl_auth_enable = yes'
postconf -e 'smtpd_helo_required = yes'
postconf -e 'broken_sasl_auth_clients = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous'
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_rbl_client cblless.anti-spam.org.cn, reject_unauth_destination'
postconf -e 'smtpd_sasl_exceptions_networks = $mynetworks'
postconf -e 'smtpd_sasl_type = dovecot'
postconf -e 'smtpd_sasl_path = private/auth'
postconf -e 'smtpd_use_tls = yes'
postconf -e 'smtpd_tls_cert_file = /usr/local/etc/postfix/smtpd.cert'
postconf -e 'smtpd_tls_key_file = /usr/local/etc/postfix/smtpd.key'
postconf -e 'smtpd_sasl_local_domain = $mydomain'
postconf -e 'smtpd_sasl_tls_security_options = $smtpd_sasl_security_options'
postconf -e 'strict_rfc821_envelopes = yes'
postconf -e 'disable_vrfy_command = yes'

broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $virtual_mailbox_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, $mydomain, localhost
mydomain = zomew.com
myhostname = mail.zomew.com
mynetworks = 192.168.1.0/24, 192.168.2.0/24, 127.0.0.0/8
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /usr/local/etc/postfix/smtpd.cert
smtpd_tls_key_file = /usr/local/etc/postfix/smtpd.key
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /var/spool/postfix
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:125

Adding the smtps port:

ee /usr/local/etc/postfix/master.cf

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

dovecot configuration files: there is a lot to change; what follows is the output of dovecot -n:

# 2.2.18: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 10.2-RELEASE amd64  ufs
base_dir = /var/run/dovecot/
first_valid_uid = 125
last_valid_uid = 125
mail_location = maildir:/var/spool/postfix/%d/%u
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}

/usr/local/etc/dovecot/dovecot.conf

protocols = imap pop3 lmtp
base_dir = /var/run/dovecot/

/usr/local/etc/dovecot/dovecot-sql.conf.ext

driver = mysql
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5-CRYPT
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 125 as uid,125 as gid FROM mailbox WHERE username =
iterate_query = SELECT username AS user FROM mailbox

/usr/local/etc/dovecot/conf.d/

10-auth.conf

disable_plaintext_auth = yes
!include auth-sql.conf.ext

10-mail.conf

mail_location = maildir:/var/spool/postfix/%d/%u
first_valid_uid = 125
last_valid_uid = 125

10-master.conf

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }

10-ssl.conf

ssl = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem

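An added example, not part of the original post: a short Python audit over excerpts of the dovecot settings shown above, flagging three points a reviewer would check (mode bits on the auth socket, the stored-password scheme, and a database password equal to the user name). The function names `flatten` and `audit` and the `WEAK_SCHEMES` list are assumptions of this example.

```python
import re
# Constructed inputs: excerpts of the `dovecot -n` output and the
# dovecot-sql.conf.ext settings shown in the post.
DOVECOT_N = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
  }
}
"""
SQL_CONF = """\
connect = host=localhost dbname=postfix user=postfix password=postfix
default_pass_scheme = MD5-CRYPT
"""
# Assumption of this example: schemes treated as too weak for stored passwords.
WEAK_SCHEMES = {"PLAIN", "PLAIN-MD5", "MD5", "MD5-CRYPT", "SHA", "SHA1"}

def flatten(text):
    """Parse 'name {' / 'key = value' / '}' into {'outer/inner/key': value}."""
    path, out = [], {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            path.append(line[:-1].strip())
        elif line == "}":
            path.pop()
        else:
            key, _, value = line.partition("=")
            out["/".join(path + [key.strip()])] = value.strip()
    return out

def audit(dovecot_n, sql_conf):
    """Return a list of review findings for the two config texts."""
    findings = []
    for key, value in flatten(dovecot_n).items():
        if key.startswith("service auth/unix_listener ") and key.endswith("/mode"):
            if int(value, 8) & 0o007:
                findings.append("auth socket mode %s grants access to 'other'" % value)
    sql = flatten(sql_conf)
    scheme = sql.get("default_pass_scheme", "").upper()
    if scheme in WEAK_SCHEMES:
        findings.append("default_pass_scheme %s is a fast, outdated hash" % scheme)
    m = re.search(r"\buser=(\S+).*\bpassword=(\S+)", sql.get("connect", ""))
    if m and m.group(1) == m.group(2):
        findings.append("database password equals the database user name")
    return findings
```

With `mode = 0660`, `default_pass_scheme = SHA512-CRYPT` and a database password that differs from the user name, `audit()` returns an empty list.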
Adding RBL spam filtering to postfix:

main.cf

The part marked as deleted was changed to a warning in order to test whether the rule works. Delete it for production use.

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
	warn_if_reject reject_rbl_client cblless.anti-spam.org.cn,
	reject_unauth_destination

During use I found that there were still some cases of forged sender addresses, for example:

Received: from xx.xx.xx.xx (unknown [23.99.111.214])

Received: from principal ([78.60.184.40])
          by igh44-mail.transoceanic.shari.koran.intesis.cl
          (InterMail vM.5.01.05.12 313-520-296-997-665-49051947) with ESMTP
          id <20984197562965.KWRN818804.qvo56-mail.city.defrock.intesis.cl@denouement>
          for <xxx@xxx.com>; Wed, 07 Oct 2015 16:15:17 +0100

Add a filter condition:

Add the check in main.cf:

header_checks = pcre:/usr/local/etc/postfix/header_checks

ee /usr/local/etc/postfix/header_checks

if /^Received:/
/^Received: +from +223\.68\.199\.14 +\((unknown \[.*\])\)/
        reject blacklist with Received: header: $1
endif

Let's see how it turns out!


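An added example, not part of the original post: a small Python emulation of how the header_checks table above is read, relying on the pcre_table(5) rules that a line starting with whitespace continues the previous logical line and that matching is case-insensitive by default. The names `check_header`, `TABLE`, `INDENTED` and the third sample header are constructed for this illustration, and pattern flags are ignored.

```python
import re
# Table from the post; the pattern starts in column 1 (leading whitespace = continuation).
TABLE = r"""
if /^Received:/
/^Received: +from +223\.68\.199\.14 +\((unknown \[.*\])\)/
        reject blacklist with Received: header: $1
endif
"""
INDENTED = TABLE.replace("\n/^Received: +from", "\n        /^Received: +from")  # pattern indented

def logical_lines(text):
    """Join continuation lines; skip blank lines and # comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def split_rule(rule):
    """Split '/pattern/flags action' into (compiled regex, action text)."""
    i = 1
    while rule[i] != "/":                      # find the closing delimiter
        i += 2 if rule[i] == "\\" else 1
    _flags, _, action = rule[i + 1:].partition(" ")
    return re.compile(rule[1:i], re.IGNORECASE), action.strip()

def check_header(header, table=TABLE):
    """Return the action of the first matching rule, or None."""
    active = []                                # one entry per open if-block
    for line in logical_lines(table):
        if line == "endif":
            active.pop()
        elif line.startswith("if "):
            active.append(bool(split_rule(line[3:].strip())[0].search(header)))
        elif all(active):
            rx, action = split_rule(line)
            m = rx.search(header)
            if m:
                return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), action)
    return None

# The first two headers are the ones quoted in the post; the third is constructed.
SEEN_1 = "Received: from xx.xx.xx.xx (unknown [23.99.111.214])"
SEEN_2 = "Received: from principal ([78.60.184.40])\n          by igh44-mail.transoceanic.shari.koran.intesis.cl"
LISTED = "Received: from 223.68.199.14 (unknown [223.68.199.14])"
```

Only the constructed header from 223.68.199.14 is rejected; the two headers quoted in the post pass, and with the pattern line indented it is folded into the `if` line so nothing is rejected. On a live system, `postmap -q` against the pcre table is the tool for the same check.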
roundcube cannot change passwords:

Modify the configuration file:

It actually could not submit the SQL statement. Ouch!

cp /usr/local/www/roundcube/plugins/password/config.inc.php.dist /usr/local/www/roundcube/plugins/password/config.inc.php
ee /usr/local/www/roundcube/plugins/password/config.inc.php

$config['password_db_dsn'] = 'mysql://postfix:postfix@localhost/postfix';
$config['password_query'] = 'UPDATE mailbox SET password=%c WHERE username=%u';
// Add one line at the end to create the default folders automatically
$config['create_default_folders'] = true;

Spam filtering matters
Reference: http://wiki2.dovecot.org/Plugins/Antispam

Anti-spam setup:
cd /usr/ports/mail/dovecot2-antispam-plugin
make install

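Then simply mark messages as spam in the IMAP client and the learning is done automatically.

mailscanner+SpamAssassin

cd /usr/ports/mail/mailscanner
make install

Select spamassassin for spam filtering; choose the anti-virus module yourself.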

cd /usr/ports/mail/spamass-rules
make install

ee /etc/rc.conf

spamd_enable="YES"
mta_enable="YES"
mta_type="postfix"
mailscanner_enable="YES"
mailscanner_configfile="/usr/local/etc/MailScanner/MailScanner.conf"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"

mkdir -p /var/spool/MailScanner/incoming /var/spool/MailScanner/quarantine
##chown -R postfix:postfix /var/spool/MailScanner

ee /usr/local/etc/MailScanner/MailScanner.conf
%org-name% = zomew
%org-long-name% = zomew.com
%web-site% = www.zomew.com
Run As User = postfix
Incoming Queue Dir = /var/spool/postfix/incoming
MTA = postfix


ee /usr/local/etc/freshclam.conf
# Virus database update mirror settings; add the China and Japan servers
DatabaseMirror db.cn.clamav.net
DatabaseMirror db.jp.clamav.net

ee /usr/local/etc/clamd.conf
# Edit the anti-virus configuration file
LogClean yes
LogVerbose yes

ee /usr/local/etc/mail/spamassassin/local.cf
rewrite_header Subject *****SPAM*****