Setting up a Postfix mail server

1. System requirements

Operating system: CentOS 7 x64

2. Disable sendmail

1) /bin/systemctl stop sendmail.service

2) chkconfig sendmail off (disable start at boot)

3. Install postfix and dovecot

yum -y install postfix dovecot

4. Edit /etc/postfix/main.cf so that its contents are as follows:

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

myhostname = mail.shushujia.net

mydomain = shushujia.net

myorigin = $mydomain

inet_interfaces = all

inet_protocols = all

mydestination = shushujia.net

unknown_local_recipient_reject_code = 550

relay_domains = shushujia.net

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

home_mailbox = Maildir/

mail_spool_directory = /var/spool/mail

debug_peer_level = 2

debugger_command =

     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

     ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.10.1/samples

readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = ''

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

broken_sasl_auth_clients = yes

smtpd_client_restrictions = permit_sasl_authenticated

smtpd_sasl_security_options = noanonymous

# Fill in the host's public IP address
mynetworks = 114.215.137.209,127.0.0.0/8

5. Edit the dovecot configuration files as follows:

1) /etc/dovecot/dovecot.conf

    protocols = imap pop3 lmtp

    listen = *

    base_dir = /var/run/dovecot/

    login_trusted_networks = 0.0.0.0/0

    log_path = /var/log/dovecot.log

    dict {

    }

    !include conf.d/*.conf

    !include_try local.conf

2) /etc/dovecot/conf.d/10-mail.conf

    mail_location = maildir:~/Maildir

    mbox_write_locks = fcntl

    namespace inbox {

      inbox = yes

    }
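
A static check for two pitfalls in the files from steps 4 and 5, added here as an example and not part of the original article: Postfix ignores a line only when "#" is its first non-blank character, so text after a value becomes part of the value, and Dovecot does not apply disable_plaintext_auth to clients inside login_trusted_networks. The function names, file names and the 192.0.2.10 address are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): static checks for the
# main.cf and dovecot.conf settings shown in steps 4 and 5.

# Print main.cf lines with a "#" after a value. Postfix only ignores lines
# whose first non-blank character is "#", so a trailing "comment" becomes
# part of the parameter value. Heuristic: looks for whitespace + "#".
main_cf_inline_comments() {
    awk '
        /^[ \t]*#/ { next }                    # real comment line
        /^[ \t]*$/ { next }                    # blank line
        /[ \t]#/   { print FNR ": " $0 }
    ' "$1"
}

# Exit 0 if login_trusted_networks contains a catch-all range. Dovecot
# does not apply disable_plaintext_auth to clients in these networks.
dovecot_trusts_everyone() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*login_trusted_networks[ \t]*$/ {
            n = split($2, nets, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (nets[i] == "0.0.0.0/0" || nets[i] == "::/0") hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# Constructed sample files (hypothetical names, documentation IP address).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'myhostname = mail.example.test' \
    'mynetworks = 192.0.2.10,127.0.0.0/8 # public IP' > "$demo_dir/main.bad"
printf '%s\n' '# public IP of this host' \
    'mynetworks = 192.0.2.10,127.0.0.0/8' > "$demo_dir/main.ok"
printf '%s\n' 'listen = *' 'login_trusted_networks = 0.0.0.0/0' > "$demo_dir/dovecot.bad"
printf '%s\n' 'listen = *' 'login_trusted_networks = 127.0.0.0/8' > "$demo_dir/dovecot.ok"

for f in "$demo_dir"/main.bad "$demo_dir"/main.ok; do
    echo "== $f"; main_cf_inline_comments "$f"
done
for f in "$demo_dir"/dovecot.bad "$demo_dir"/dovecot.ok; do
    if dovecot_trusts_everyone "$f"; then echo "$f: every client is trusted"
    else echo "$f: ok"; fi
done
```

To check a live host, point the two functions at /etc/postfix/main.cf and /etc/dovecot/dovecot.conf.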

6. Edit /etc/pam.d/dovecot to support authentication of system users

#%PAM-1.0

auth       required     pam_nologin.so

auth       include      password-auth

account    include      password-auth

session    include      password-auth

auth  include  system-auth

account  include  system-auth

session  include  system-auth

7. Edit /etc/sysconfig/saslauthd as follows:

SOCKETDIR=/run/saslauthd

MECH=shadow

FLAGS=

8. Start postfix, dovecot and saslauthd

/bin/systemctl start  postfix.service

/bin/systemctl start  dovecot.service

/bin/systemctl start  saslauthd.service

9. Open ports 110, 25 and 143 in the firewall

iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT

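10. Create mailbox users

Because the server authenticates system users, it is enough to create a system user directly.

Create the user: useradd username -s /sbin/nologin (disables remote login)

Authorize the user (set the password): echo "password" | passwd --stdin username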

11. DNS mail records for the domain

Log in to your domain provider's website and add MX, A and TXT records for the domain.

This article is reposted from aaron428's 51CTO blog. Original link: http://blog.51cto.com/aaronsa/1728267. To repost it, please contact the original author.