惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
MyScale Blog
MyScale Blog
Jina AI
Jina AI
爱范儿
爱范儿
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
I
Intezer
The Cloudflare Blog
T
Threat Research - Cisco Blogs
G
Google Developers Blog
Stack Overflow Blog
Stack Overflow Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
Docker
AI
AI
Scott Helme
Scott Helme
Attack and Defense Labs
Attack and Defense Labs
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
L
LangChain Blog
Recent Announcements
Recent Announcements
Security Latest
Security Latest
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
Last Week in AI
Last Week in AI
Security Archives - TechRepublic
Security Archives - TechRepublic
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
S
Securelist
S
Security Affairs
Project Zero
Project Zero
博客园 - 叶小钗
Google DeepMind News
Google DeepMind News
T
Tor Project blog
A
About on SuperTechFans
V2EX - 技术
V2EX - 技术
宝玉的分享
宝玉的分享
T
Tenable Blog
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
Simon Willison's Weblog
Simon Willison's Weblog
Forbes - Security
Forbes - Security
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
V
V2EX
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Privacy & Cybersecurity Law Blog
阮一峰的网络日志
阮一峰的网络日志
I
InfoQ
C
CXSECURITY Database RSS Feed - CXSecurity.com
H
Hacker News: Front Page
美团技术团队

博客园 - 007少侠

使用Recaf编辑汇编代码直接修改java的编译代码class Centos Linux 更换源,原官方源已经不再提供服务 如何在Docker容器中的Linux系统(Ubuntu + Centos Linux)里面使用systemctl Centos Linux 7 搭建邮件服务器(postfix + dovecot) 【WSL2】在Windows通过自定义域名访问wsl2中的服务 Python pip pip3 源设置成国内源,阿里云源,清华大学源 利用云服务器实现内网穿透(frp),开启个人电脑(windows)可远程桌面访问 使用docker安装centos7并挂载主机目录 Rust交叉编译Mac编译Linux/Windows平台 Linux下安装dart sdk并配置环境变量 Linux下安装JDK-openj9并配置环境变量 centos7 安装 bbr加速 linux环境常用命令和java/jvm常用命令 mybatis plus + druid多数据源(使用dynamic实现) docker将容器打包成镜像并传输至其他服务器部署(可用于容器重新run) .gitignore == git添加忽略不生效解决方案 jenkins自动构建项目源码git pull时出现冲突的终极解决方案(git远程覆盖本地分支) mysql查询,根据时间查询:几天前、几天内的数据 spring boot 使用aop实现拦截器
Ubuntu Linux 搭建邮件服务器(postfix + dovecot)
007少侠 · 2024-08-07 · via 博客园 - 007少侠

准备工作

1. 一台公网服务器(需要不被服务商限制发件收件的,也就是端口25、110、143、465、587、993、995不被限制),如有防火墙或安全组需要把这些端口开放

2. 一个域名,最好是com cn org的一级域名

3. 域名备案(如果服务器是国外的则不需要备案)

一、配置域名解析

1. 登录阿里云,找到云解析DNS

选择域名,如abc.com

①. 添加MX记录

- 记录类型:MX

- 主机记录:@

- 记录值:mail.abc.com

- MX优先级:1

②添加A记录

- 记录类型:A

- 主机记录:mail

- 记录值:服务器IP

- TTL:10分钟

③添加SPF记录

- 记录类型:TXT

- 主机记录:@

- 记录值:v=spf1 mx:mail.abc.com ip4:服务器IP -all

- TTL:10分钟

最后完成如下图

2. 安装并配置Postfix

安装过程中有选项需要选择,先选择1(No configuration),等下一步再单独配置

apt-get update
sudo apt install -y postfix

② 安装完成,输入下面命令配置Postfix

sudo dpkg-reconfigure postfix

③ 将显示配置界面,选择 Internet Site ,然后分别输入或者选择以下值

mail.abc.com
steve
mail.abc.com, abc.com, localhost.localdomain, localhost
no
127.0.0.0/8
0
+
ipv4

④ 配置邮箱目录

sudo postconf -e 'home_mailbox = Maildir/'

⑤ 使用 SASL(Dovecot SASL)配置 Postfix 的 SMTP-AUTH,在终端提示符下运行这些命令

sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth'
sudo postconf -e 'myhostname = mail.abc.com'
sudo postconf -e 'smtpd_sasl_local_domain = $myhostname'
sudo postconf -e 'smtpd_sasl_security_options = noanonymous,noplaintext'
sudo postconf -e 'smtpd_sasl_tls_security_options = noanonymous'
sudo postconf -e 'broken_sasl_auth_clients = yes'
sudo postconf -e 'smtpd_sasl_auth_enable = yes'
sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'

⑥ 配置TLS(使用自签名证书)

[root@mail ~]# cd
 
# 生成私钥
[root@mail ~]# openssl genrsa -des3 -out server.key 2048
Enter pass phrase:    #输入密码
Verifying - Enter pass phrase:  #重复输入密码
 
#下面这个步骤是删除server.key中的密码
[root@mail ~]# openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:  #输入刚才设置的密码
writing RSA key

#重命名证书
[root@mail ~]# mv server.key server.key.secure
[root@mail ~]# mv server.key.insecure server.key

# 生成CSR(证书签名请求)
[root@mail ~]# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: #输入刚才设置的密码
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN #国家简称
State or Province Name (full name) []:Beijing #省
Locality Name (eg, city) [Default City]:Beijing  #城市
Organization Name (eg, company) [Default Company Ltd]:OPS  #公司名
Organizational Unit Name (eg, section) []:OPS   #部门名
Common Name (eg, your name or your server's hostname) []:mail.abc.com
Email Address []:admin@abc.com  
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:  #直接按Enter
An optional company name []:  #直接按Enter

#生成自签名证书
[root@mail ~]# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Enter pass phrase for server.key:  #直接按Enter
Certificate request self-signature ok
subject=C = CN, ST = Beijing, L = Beijing, O = OPS, OU = OPS, CN = mail.abc.com, emailAddress = admin@abc.com
Getting Private key

#设置权限
[root@mail ~]# chmod 400 server.*

⑦ 最后把证书拷贝到系统证书目录

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

⑧ 拥有证书后,配置 Postfix,在终端提示符下运行这些命令

sudo postconf -e 'smtp_tls_security_level = may'
sudo postconf -e 'smtpd_tls_security_level = may'
sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
sudo postconf -e 'smtpd_tls_loglevel = 1'
sudo postconf -e 'smtpd_tls_received_header = yes'
sudo postconf -e 'smtpd_tls_auth_only = yes'

⑨ 最后查看配置 vim /etc/postfix/main.cf 后面部分如下即可

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/server.crt
smtpd_tls_key_file = /etc/ssl/private/server.key
smtpd_tls_security_level = may

smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache


smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.abc.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.abc.com, abc.com, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_auth_only = yes

⑩ 配置SMTPS ==> vim /etc/postfix/master.cf 

smtps部分去掉注释

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

3. 安装并配置Dovecot

① 安装dovecot

sudo apt install -y dovecot-core dovecot-imapd dovecot-pop3d

② 配置10-auth.conf

vim /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain  改成  auth_mechanisms = plain login 

③ 配置10-master.conf

vim /etc/dovecot/conf.d/10-master.conf
改成如下
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user = 
    #group = 
  }
    
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
 }

④ 配置dovecot.conf

vim /etc/dovecot/dovecot.conf

listen = *, ::

#!include conf.d/*.conf

!include conf.d/10-auth.conf
!include conf.d/10-master.conf

ssl = no
disable_plaintext_auth = no
mail_location = maildir:~/Maildir

4. 启动邮箱服务并新增邮箱用户

sudo systemctl start postfix
sudo systemctl start dovecot
#重启命令:
sudo systemctl restart postfix
sudo systemctl restart dovecot
#设置开机自启动
sudo systemctl enable postfix
sudo systemctl enable dovecot

#======新建邮箱用户======
useradd -m 用户名
passwd 用户名
#输入密码
#确认密码

#======验证账户======
sudo doveadm auth test 用户名

5. 安装mailutils测试发件

sudo apt install -y mailutils

#======测试发件======
echo '搭建邮件服务器成功啦!!!' | mail -s '通知!' xxx@qq.com

6. 安装系统日志

sudo apt-get install -y rsyslog
sudo systemctl enable rsyslog
sudo systemctl start rsyslog
#后续查看邮件服务日志方式(需要重启postfix和dovecot)
tail -f /var/log/mail.log

1. windows10版本的Foxmail 新建账号完成后闪退,所以先设置下

首先找到Foxmail快捷方式,右键属性。
找到兼容性,并且在下方找到“以管理员身份运行此程序”,勾选,确定

2. 登录账号

打开Foxmail,新建账号 => 其它邮箱 => 手动设置 => POP3

邮件账号:账号@abc.com

密码:xxxxxx

POP服务器:mail.abc.com    SSL 110(不勾选,如果想勾选走995端口,则需要配置Dovecot的SSL信息,看后续第三步)

SMTP服务器:mail.abc.com  SSL 465(勾选)

 注:虽然发件服务(SMTP)启用了SSL走的端口是465,但是实测25端口还得开放,不然无法接收外部邮件

三、为Dovecot配置SSL(可选)

作用:为Dovecot配置SSL保护客户端和服务器之间的通信数据,防止第三方在传输过程中窃听

1. 修改主配置文件

vim /etc/dovecot/dovecot.conf

====================
#!include conf.d/*.conf
改成
!include conf.d/*.conf
====================
!include conf.d/10-auth.conf
!include conf.d/10-master.conf
ssl = no
改成
#!include conf.d/10-auth.conf
#!include conf.d/10-master.conf
#ssl = no
====================

2. 设置邮箱目录

vim /etc/dovecot/conf.d/10-mail.conf

====================
设置mail_location为
mail_location = maildir:~/Maildir
====================

3. 配置SSL证书

vim /etc/dovecot/conf.d/10-ssl.conf

====================
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.key
改成
ssl_cert = </etc/ssl/certs/server.crt
ssl_key = </etc/ssl/private/server.key
====================
ssl_client_ca_dir = /etc/ssl/certs
改成
#ssl_client_ca_dir = /etc/ssl/certs
====================

4. 配置SSL端口

vim /etc/dovecot/conf.d/10-master.conf

====================
  inet_listener imap {
    #port = 143
  }
改成
  inet_listener imap {
    #port = 143
    port = 0
  }
====================
service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
}
改成
service pop3-login {
  inet_listener pop3 {
    #port = 110
    port = 0
  }
}
====================

5. 完全退出Dovecot进程并重新启动

netstat -lntp
#显示如下
xxxxxx    PID/Program name
xxxxxx     xxx/dovecot
#杀掉进程
kill -9 PID
#启动Dovecot
systemctl start dovecot

6. 最后修改Foxmail客户端配置

设置 => 账号 => 服务器

POP服务器(收件服务器) mail.abc.com SSL 995(勾选)

centos系统参考:https://www.cnblogs.com/007sx/p/18349388

本教程参考:https://ubuntu.com/server/docs/install-and-configure-postfix#smtps