1. install postfix ==> cd /usr/ports/mail/postfix
make install clean
2.
Would you like to activate Postfix in /usr/local/etc/mail/mailer.conf [n]? y
Activate Postfix in /usr/local/etc/mail/mailer.conf
To use postfix instead of sendmail:
- clear sendmail queue and stop the sendmail daemons
3.
Disable sendmail(8) specific tasks,
add the following lines to /etc/periodic.conf(.local):
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
設定檔:
vi /usr/local/etc/postfix/main.cf （下列 // 之後的文字只是說明, 不要寫進設定檔: main.cf 只認以 # 開頭的整行註解, 續行則需以空白開頭）
=======================================================================================
myhostname = mail.lab.com
mydomain = lab.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain // mail server 要收信的domain
mynetworks = 127.0.0.0/8 // 允許不需認證就能 relay 的網段, 其餘網段需帳號密碼認證成功才能寄信 (實際由下方 smtpd_recipient_restrictions 的 permit_mynetworks / permit_sasl_authenticated / reject_unauth_destination 執行)
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
#cyrus-sasl 用 (與下方 dovecot 區塊二選一, 兩者都設定 smtpd_recipient_restrictions)
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtp_sasl_password_maps = hash:/usr/local/etc/sasldb2
smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
#dovecot 用 (與上方 cyrus-sasl 區塊二選一; 同一參數重複出現時 postfix 以最後一次設定為準)
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_unauth_destination,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client bl.spamcop.net,
reject_rbl_client sbl-xbl.spamhaus.org
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
mailbox_size_limit = 512000000
message_size_limit = 10240000
#enable tls
#smtp_tls_CAfile = /etc/openssl/certs/ca.pem //此憑證可用 radiusd 產生的ca / server 憑證來用
#smtp_tls_cert_file = /etc/openssl/certs/server.pem
#smtp_tls_key_file = /etc/openssl/certs/server.un.pem // 此 key 檔必須是已解密 (無密碼) 的版本, 見註1
#smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
#smtp_tls_security_level = may
smtpd_tls_CAfile = /etc/openssl/certs/ca.pem
smtpd_tls_cert_file = /etc/openssl/certs/server.pem
smtpd_tls_key_file = /etc/openssl/certs/server.un.pem
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
此處註解掉則不強制先建立 TLS 才能 AUTH (如下方 ehlo 輸出所示, AUTH PLAIN LOGIN 在未加密的連線上也會提供, 密碼可能以明文傳送); 如要強制先做 TLS 再做認證, 反註解下一行
#smtpd_tls_auth_only = yes
=================================================================================
vi /usr/local/etc/postfix/master.cf (smtps 下的 -o 續行需以空白開頭)
smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
=============================================================================
註1 : 用此指令來解密 key 檔; 輸出的 server-unkey.pem 是明文私鑰, 權限請設為只有 root 可讀。
# openssl rsa -in server-encrypted-key.pem -out server-unkey.pem
執行:
postalias /etc/aliases
以後修改 aliases 檔, 只需執行 newaliases 即可
備註: 如果使用 dovecot 來做 mail 的認證 (smtpd_sasl_type = dovecot), cyrus-sasl 不需安裝啟用
==========================================================================================
4. install cyrus-sasl
vi /usr/local/lib/sasl2/smtpd.conf
增加二行
pwcheck_method: saslauthd
mech_list: plain login
To run saslauthd from startup, add saslauthd_enable="YES" in your
/etc/rc.conf.
啟動
/usr/local/etc/rc.d/saslauthd start
/usr/local/etc/rc.d/postfix start
檢查
ps aux | grep sasl
root@fd11[/usr/local/lib/sasl2]> ps aux | grep sasl
root 8622 0.0 0.5 9792 2588 - Is Fri16 0:00.05 /usr/local/sbin/saslauthd -a pam
root 8623 0.0 0.5 9792 2660 - I Fri16 0:00.04 /usr/local/sbin/saslauthd -a pam
root 8624 0.0 0.5 9792 2588 - I Fri16 0:00.05 /usr/local/sbin/saslauthd -a pam
root 8625 0.0 0.5 9792 2588 - I Fri16 0:00.05 /usr/local/sbin/saslauthd -a pam
root 8626 0.0 0.5 9792 2588 - I Fri16 0:00.04 /usr/local/sbin/saslauthd -a pam
root 44308 0.0 0.1 368 252 1 R+ 11:01 0:00.00 grep sasl
==========================================================================================
5. 安裝 dovecot
pkg install dovecot
設定:
vi /usr/local/etc/dovecot.conf
protocols = imap pop3 imaps pop3s
ssl = yes
ssl_cert_file = /etc/openssl/certs/server.pem
ssl_key_file = /etc/openssl/certs/server.key // 加密或未加密的 key 皆可; 若為加密 key, 需在下一行給密碼
ssl_key_password = ****** // 密碼以明文存在設定檔中, dovecot.conf 請勿開放給其他使用者讀取
ssl_ca_file = /etc/openssl/certs/ca.pem
mail_location = maildir:~/Maildir
vi 10-master.conf 檔
==>
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
--end
啟動 :
/usr/local/etc/rc.d/dovecot onestart
檢查:
root@lab2[/usr/local/etc/postfix]> sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
postfix smtpd 16810 6 tcp4 *:25 *:*
root master 16614 13 tcp4 *:25 *:*
root master 16614 17 tcp4 *:465 *:*
root dovecot 1399 24 tcp4 *:110 *:*
root dovecot 1399 26 tcp4 *:995 *:*
root dovecot 1399 39 tcp4 *:143 *:*
root dovecot 1399 41 tcp4 *:993 *:*
root sshd 621 4 tcp4 *:22 *:*
root syslogd 427 7 udp4 *:514 *:*
====================================
檢查:
root@lab2[/usr/local/etc/postfix]> telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 host.lab2.com ESMTP Postfix
ehlo localhost
250-host.lab2.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
上面輸出顯示 STARTTLS 與 AUTH PLAIN LOGIN 同時提供: 用戶端可先 STARTTLS 再 AUTH, 也可不加密直接 AUTH; 要只允許前者, 需反註解 main.cf 的 smtpd_tls_auth_only = yes。