postfix

很多年了,一直想搭个支持虚拟用户的邮件系统,但各种Selinux问题,都没成功过(坚决不关闭Selinux!),目前系统为最新的Centos7.3。

前几天又心血来潮,上网下载了最新版的Postfixadmin(目前最新版为2017-02-12更新的3.0.2版),试着安装下,结果发现之前的Selinux问题全没了!于是上网找相关教程,试了几天,今天终于成功了!

前两天一直卡着:能发信,但不能收信,发给虚拟用户的邮件提示找不到用户。经过反复测试,发现原来是参考教程里有两个配置文件多了几个空格导致的,也就是说配置文件里的空格一个都不能多-_-#

创建邮件用户

# Dedicated system account that owns every virtual mailbox. uid/gid 2222 must agree with
# Postfix virtual_uid_maps/virtual_gid_maps (static:2222) and Dovecot first_valid_uid/first_valid_gid.
groupadd -g 2222 vmail
# -r: system account; -m: create the mailbox root; nologin: the account never gets an interactive shell.
useradd -r -u 2222 -g 2222 -d /home/data/mail -m -c "mail user" -s /sbin/nologin vmail

安装postfix

  • 记得安装epel-release
# EPEL repository, presumably for packages Postfixadmin depends on that the base repos do not carry (see the install section below);
# the subsequent update brings the whole system current, not just mail-related packages.
sudo yum install epel-release
sudo yum update
  • 安装postfix
# Postfix MTA from the CentOS repos; its /etc/postfix/main.cf and master.cf are edited in the steps that follow.
sudo yum install postfix
  • 编辑/etc/postfix/main.cf
# /etc/postfix/main.cf — MySQL-backed (Postfixadmin schema) virtual domains and mailboxes, SMTP AUTH via Dovecot, TLS.
# Postfix treats `#` as a comment only at the start of a line; anything after a value, including a `#` note, becomes part of the value.
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/postfix/aliases
alias_database = $alias_maps

# Listens on every interface and protocol; the smtpd_*_restrictions further down are what keep this from relaying for anyone.
# NOTE(review): mynetworks is not set anywhere on this page, so the Postfix 2.x default (mynetworks_style = subnet) trusts every
# host in the subnet of each interface — on a hosted server set it explicitly, e.g. `mynetworks = 127.0.0.0/8 [::1]/128`.
inet_interfaces = all
inet_protocols = all
myhostname = mxawei.cn
mydomain = $myhostname
myorigin = $myhostname
# A domain belongs either here or in virtual_mailbox_domains, never in both; presumably mxawei.cn lives in the MySQL domain table.
mydestination = localhost.$mydomain, localhost

debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no

# NOTE(review): reject_unauth_destination (below) permits relaying to any domain matched by relay_domains, so this line is the
# relay policy for unauthenticated clients. A virtual-mailbox-only host normally wants `relay_domains =` (empty); confirm what
# `*` matches here with a relay test from a client outside mynetworks before exposing port 25.
relay_domains = *
# proxy: sends the lookups through proxymap so each smtpd does not open its own MySQL connection.
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_alias_maps =
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_maps =
   proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
   proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

# Mailboxes are written as uid/gid 2222 (the vmail account) under this base; the maildir value the SQL maps return is relative to it.
virtual_mailbox_base = /home/data/mail
virtual_minimum_uid = 2222
virtual_transport = virtual
virtual_uid_maps = static:2222
virtual_gid_maps = static:2222

# SMTP AUTH is delegated to Dovecot's auth socket (service auth in dovecot.conf creates it with mode 0660 postfix:postfix).
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
#smtpd_sasl_path = /var/run/dovecot/auth-client #stock value; with it, mail from outside could not be received
# NOTE(review): the documented form is the queue-relative `private/auth`; the absolute path only works while smtpd runs
# unchrooted (master.cf chroot column = n, the CentOS default) — confirm.
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes

# Evaluated in order: trusted networks, then SASL-authenticated clients, then refuse relaying for everyone else.
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

#smtpd_milters = inet:127.0.0.1:8891
#non_smtpd_milters = $smtpd_milters
#milter_default_action = accept
#milter_protocol = 2

# NOTE(review): `no` lets clients send AUTH PLAIN/LOGIN on an unencrypted session, so mailbox passwords can cross the wire in
# the clear; `yes` announces AUTH only after STARTTLS. Dovecot below already has ssl = required, so TLS-capable clients lose nothing.
smtpd_tls_auth_only = no
# smtp_use_tls / smtpd_use_tls are the pre-2.3 spellings; the current equivalents are smtp_tls_security_level = may and
# smtpd_tls_security_level = may.
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
# Let's Encrypt's cert.pem holds only the leaf certificate; clients that do not already have the intermediate need fullchain.pem
# from the same directory (usable here directly) or smtpd_tls_CAfile pointing at chain.pem. Postfix reads key and cert before
# dropping privileges, so the root-only letsencrypt directory is fine; a certbot renewal still needs a postfix reload to take effect.
smtpd_tls_key_file = /etc/letsencrypt/live/mxawei.cn/privkey.pem
smtpd_tls_cert_file = /etc/letsencrypt/live/mxawei.cn/cert.pem
#smtpd_tls_CAfile = /etc/pki/tls/certs/1_root_bundle.crt
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
  • 编辑/etc/postfix/master.cf 把下行中的#去掉
# /etc/postfix/master.cf — submission service (port 587) for authenticated clients. The stock entry ships commented `-o`
# overrides such as `-o smtpd_tls_security_level=encrypt` and `-o smtpd_sasl_auth_enable=yes`; without them the service
# inherits main.cf, where smtpd_tls_auth_only = no, so consider re-enabling the encrypt override on this service.
submission inet n       -       n       -       -       smtpd
  • 添加相关数据库连接文件

/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf

# /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf — mysql_table(5) map: catch-all alias of an alias domain.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 (proxymap reads it as the postfix user; it must not be world-readable).
# %d / %u are the domain and local part of the looked-up address; Postfix SQL-quotes them before substitution.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf

# /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf — mysql_table(5) map: maildir of user@<alias domain>, resolved
# to the mailbox in the target domain.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 so the credential is not world-readable.
# %d / %u are the domain and local part of the looked-up address; Postfix SQL-quotes them before substitution.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf

# /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf — mysql_table(5) map: alias of user@<alias domain>, resolved to the
# same local part in the target domain.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 so the credential is not world-readable.
# %d / %u are the domain and local part of the looked-up address; Postfix SQL-quotes them before substitution.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'

/etc/postfix/sql/mysql_virtual_alias_maps.cf

# /etc/postfix/sql/mysql_virtual_alias_maps.cf — mysql_table(5) map: plain alias lookup by full address.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 so the credential is not world-readable.
# %s is the whole lookup key (the address); Postfix SQL-quotes it before substitution.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
# Left at the Postfix default; uncomment to cap how many addresses one alias may expand to.
#expansion_limit = 100

/etc/postfix/sql/mysql_virtual_domains_maps.cf

# /etc/postfix/sql/mysql_virtual_domains_maps.cf — mysql_table(5) map behind virtual_mailbox_domains: a domain is accepted
# for delivery only while its row is active.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 so the credential is not world-readable.
# %s is the whole lookup key (the domain); Postfix SQL-quotes it before substitution.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

/etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf

# /etc/postfix/sql/mysql_virtual_mailbox_limit_maps.cf — mysql_table(5) map returning a mailbox quota. Not referenced by the
# main.cf shown on this page (it belongs to a quota-patched Postfix), so presumably unused here.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 so the credential is not world-readable.
# NOTE(review): Postfix does not support trailing comments — the ` #...` text on the query line below is part of the query value.
# MySQL happens to treat `#` as a line comment, so it still runs, but the note (it says: "the original document had several
# extra spaces here") should move to its own line.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1' #原文档,这里多了几个空格

/etc/postfix/sql/mysql_virtual_mailbox_maps.cf

# /etc/postfix/sql/mysql_virtual_mailbox_maps.cf — mysql_table(5) map behind virtual_mailbox_maps: maildir (relative to
# virtual_mailbox_base) of an active mailbox, looked up by full address.
# NOTE(review): `password = password` is a placeholder; use a dedicated, SELECT-only MySQL account and keep the file
# root:postfix mode 0640 so the credential is not world-readable.
# NOTE(review): Postfix does not support trailing comments — the ` #...` text on the query line below is part of the query value.
# MySQL happens to treat `#` as a line comment, so it still runs, but the note (it says: "the original document had several
# extra spaces here") should move to its own line.
user = postfix
password = password
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1' #原文档这里多了几个空格

安装Dovecot

  • 安装程序包
# dovecot-mysql supplies the MySQL backend for the `driver = sql` userdb/passdb configured in dovecot.conf below.
sudo yum install dovecot dovecot-mysql
  • 编辑/etc/dovecot/dovecot.conf
# /etc/dovecot/dovecot.conf — IMAP/POP3 for the virtual users Postfix delivers to; passwords and mailbox paths come from the
# Postfixadmin MySQL schema via dovecot-sql.conf. This file also creates the auth socket that main.cf's smtpd_sasl_path uses.
listen = *
protocols = imap pop3
# NOTE(review): with ssl = required (below) Dovecot refuses plaintext auth on unencrypted connections regardless of this value,
# so `no` has no effect today; `yes` makes the intent explicit and keeps it safe should ssl ever be relaxed — confirm.
disable_plaintext_auth = no
# PLAIN and LOGIN both transmit the password itself, which is why TLS is mandatory above; they are also the mechanisms
# Postfix offers to submitting clients through smtpd_sasl_type = dovecot.
auth_mechanisms = plain login
mail_access_groups = vmail
# NOTE(review): login processes are the network-facing, pre-authentication part of Dovecot, and the stock config runs them as a
# dedicated no-privilege user (default_login_user = dovenull); running them as vmail, the owner of every mailbox, gives up that
# separation — confirm this is intended.
default_login_user = vmail
# Must match Postfix virtual_uid_maps/virtual_gid_maps (static:2222) and the uid/gid the SQL user_query returns.
first_valid_uid = 2222
first_valid_gid = 2222
#mail_location = maildir:~/Maildir
# <domain>/<user> under Postfix's virtual_mailbox_base; presumably the same layout as the maildir column Postfixadmin stores,
# otherwise Postfix writes to one path and Dovecot reads another.
mail_location = maildir:/home/data/mail/%d/%n

# User and password lookups share one SQL definition file.
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}

passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}

service auth {
#    unix_listener auth-client { #stock value; with this setting mail clients could not send over an encrypted connection.
        # Socket Postfix uses for SMTP AUTH (smtpd_sasl_path in main.cf); 0660 postfix:postfix keeps other local users off it.
        unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
    }
    # NOTE(review): with sql passdb/userdb the auth process presumably does not need root; the stock config uses
    # `user = $default_internal_user` — confirm root is actually required here.
    user = root
}
service imap-login {
  process_min_avail = 1
  # NOTE(review): same concern as default_login_user above — the stock login-process user is dovenull.
  user = vmail
}

# TLS is mandatory for every IMAP/POP3 session. cert.pem is the leaf only; fullchain.pem from the same directory also carries
# the intermediate that clients without it cached need. Dovecot reads both files before dropping privileges, so the root-only
# letsencrypt directory is fine; a certbot renewal still needs a dovecot reload to take effect.
ssl = required
ssl_cert = </etc/letsencrypt/live/mxawei.cn/cert.pem
ssl_key = </etc/letsencrypt/live/mxawei.cn/privkey.pem
  • 添加/etc/dovecot/dovecot-sql.conf
# /etc/dovecot/dovecot-sql.conf — SQL passdb/userdb definition referenced by both lookup blocks in dovecot.conf.
# NOTE(review): `password=password` is a placeholder for the real DB password; because the file carries it, keep it readable by
# root only (mode 0600).
connect = host=127.0.0.1 dbname=postfix user=postfix password=password
driver = mysql


# Default password scheme - change to match your Postfixadmin setting.
# depends on your $CONF['encrypt'] setting:
# md5crypt  -> MD5-CRYPT
# md5       -> PLAIN-MD5
# cleartext -> PLAIN
default_pass_scheme = MD5-CRYPT


# Only active mailboxes may log in; %u is the full login name (user@domain), i.e. the mailbox.username column.
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'

# Query to retrieve user information, note uid matches dovecot.conf AND Postfix virtual_uid_maps parameter.
# NOTE(review): user_query is assigned three times in this file; Dovecot keeps the last assignment, so only the final
# (dict-quota) form is in effect and the first two are dead — verify with `doveconf -n` and comment out the unused ones.
user_query = SELECT maildir, 2222 AS uid, 2222 AS gid FROM mailbox WHERE username = '%u' AND active='1'


# MYSQL :
# Variant returning an absolute `home` plus a quota_rule of the form *:bytes=<quota> (the quota column is treated as bytes here).
user_query = SELECT CONCAT('/home/data/mail/', maildir) AS home, 2222 AS uid, 2222 AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'

# NOTE(review): this effective variant names the column `quota`; in Dovecot 2.x the userdb field is `quota_rule` (as the line
# above uses), so the dict quota may never be applied — verify. `storage=` in a quota rule is in kilobytes, so floor(quota/1000)
# presumably undercounts slightly against a bytes value. `proxy::quota` expects a `dict { quota = ... }` entry pointing at
# dovecot-dict-quota.conf, which this page does not show.
user_query = SELECT maildir, 2222 AS uid, 2222 AS gid, CONCAT('dict:storage=',floor(quota/1000),' proxy::quota') as quota FROM mailbox WHERE username = '%u' AND active='1'
  • 添加/etc/dovecot/dovecot-dict-quota.conf
# /etc/dovecot/dovecot-dict-quota.conf — MySQL dict backing the `proxy::quota` reference in dovecot-sql.conf's user_query.
# NOTE(review): presumably needs `dict { quota = mysql:/etc/dovecot/dovecot-dict-quota.conf }` plus the quota plugin enabled in
# dovecot.conf, neither of which appears on this page — verify with `doveconf -n`. Contains the DB password: keep it root-only.
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=password
# NOTE(review): default_pass_scheme is a passdb setting; it has no meaning in a dict definition and is presumably ignored here.
default_pass_scheme = MD5-CRYPT
# The Postfixadmin quota table (username, path, current): current usage for a mailbox path, selected by username.
table = quota
select_field = current
where_field = path
username_field = username

安装Postfixadmin

现在这版本,安装很简单,烦人的Selinux问题没有碰到,具体怎么安装就看目录下的INSTALL.TXT,少什么依赖,yum安装上就是了^_^

  • 安全问题

基于安全考虑,可以限制允许访问Postfixadmin页面的IP。

编辑postfixadmin的站点配置文件,如下:

# Postfixadmin vhost excerpt; the empty "" is a placeholder for Postfixadmin's document root.
<Directory "">
...
# NOTE(review): Apache only treats `#` as a comment at the start of a line, so the notes after Deny/Allow on the next two lines
# are likely parsed as extra host arguments rather than ignored — move them onto their own lines and check with `httpd -t`.
# Deny/Allow are the 2.2-era syntax; on CentOS 7's httpd 2.4 they work only through mod_access_compat, and the native form is
# `Require ip 10.150.20.0/24 192.168.1.0/24` (every other client is refused). The default Order is Deny,Allow, so the Allow
# below wins for the listed ranges; this only limits who reaches the login page and does not replace Postfixadmin's own auth.
Deny from all  #添加拒绝所有IP的访问
Allow From 10.150.20.0/24 192.168.1.0/24 #添加允许指定IP或IP段的访问,多个IP或IP段用空格分开
...
</Directory>
  • 重启服务
# Both daemons re-read their configuration on restart. Checking syntax first avoids a failed restart with the old daemon
# already stopped: `sudo postfix check` and `sudo doveconf -n` report problems without touching the running services.
sudo systemctl restart postfix
sudo systemctl restart dovecot

如果出错,记得查看/var/log/messages和/var/log/maillog文件,上网找解决办法^_^


参考文档: https://yomotherboard.com/setup-postfixadmin-virtual-email-users/

配置文件打包: postfixconf
