CentOS release 6.6 (Final) x86_64
Postfix 2.6.6
cyrus-sasl 2.1.23-15
dovecot 2.0.9-22
openssl 1.0

domain : regskynet.com
hostname : mail.regskynet.com

I. Remove the sendmail that ships with the system

yum remove sendmail

or

rpm -e sendmail

II. Install the crontabs (scheduled tasks) service

yum install crontabs
service crond start
chkconfig crond on

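III. Install postfix, cyrus-sasl-plain, cyrus-sasl-devel and dovecot

If yum reports that a package cannot be found, switch to another repository; see "EPEL is the recommended repository for CentOS 6" (http://blog.51yip.com/linux/1337.html).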

yum install postfix
yum install cyrus-sasl-plain cyrus-sasl-devel
yum install dovecot

IV. Change the default mail transfer agent (MTA)

alternatives --config mta

There are 2 programs which provide 'mta'. (共有 1 个程序提供“mta”。)
Selection Command

1 /usr/sbin/sendmail.exim
*+ 2 /usr/sbin/sendmail.postfix
按 Enter 来保存当前选择[+],或键入选择号码:2
Enter to keep the current selection[+], or type selection number: 2

cyrus-sasl configuration

vi /etc/sasl2/smtpd.conf

Append the following to the end of the file

# Log level
log_level: 3

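V. Install openssl

1. Install openssl

yum -y install openssl openssl-devel

2. Create the directory that holds the key and certificate

mkdir -p /etc/tls
cd /etc/tls

3. Generate the key and certificate, entering the requested information at the prompts; the certificate file is named mail_cert.pem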

openssl req -new -x509 -nodes -days 3650 -out mail_cert.pem
Generating a 2048 bit RSA private key
...................+++
..........+++
writing new private key to 'privkey.pem'

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:regskynet
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:mail.regskynet.com
Email Address []:xxxxxxx@gmail.com

ll

-rw-r--r-- 1 root root 1444 Sep 13 21:59 mail_cert.pem # certificate
-rw-r--r-- 1 root root 1704 Sep 13 21:59 privkey.pem # private key

4. Set permissions

chmod 0600 privkey.pem

5. Configure postfix

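vi /etc/postfix/main.cf
# Line 76: replace the part after the equals sign with this machine's hostname
myhostname = mail.regskynet.com
# Line 82: set the domain name
mydomain = regskynet.com
# Line 97: change $myhostname to $mydomain
myorigin = $mydomain
# Line 112: change the trailing localhost to all
inet_interfaces = all
# Line 163: remove the leading comment mark and add $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Line 209: remove the leading comment mark
local_recipient_maps =
# Line 257: by default Postfix trusts the machines on its subnet; to trust only this machine, set host
mynetworks_style = host
# Line 263: set the intranet and local IP ranges. An explicit mynetworks overrides mynetworks_style,
# and 0.0.0.0/0 here would make permit_mynetworks relay for every client, so list only trusted ranges
mynetworks = 127.0.0.0/8
# Line 303: which destinations Postfix will relay mail for; only mydomain should be relayed, otherwise anyone could use this mail server to relay spam
relay_domains = $mydomain
# Line 426: set the mail delivery directory (must match mail_location in dovecot's 10-mail.conf, otherwise mail cannot be retrieved)
home_mailbox = Maildir/
# Line 568: remove the leading comment mark
smtpd_banner = $myhostname ESMTP $mail_name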

6. Configure SSL/TLS

vi /etc/postfix/main.cf

Configure as follows:

# SSL/TLS configuration
smtpd_use_tls = yes
smtpd_tls_security_level = may
# Level 3 also logs a hex and ASCII dump of the TLS negotiation; Postfix advises level 2 or higher only when troubleshooting
smtpd_tls_loglevel = 3
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
smtpd_tls_cert_file = /etc/tls/mail_cert.pem
smtpd_tls_key_file = /etc/tls/privkey.pem
tls_random_source = dev:/dev/urandom
tls_daemon_random_source = dev:/dev/urandom
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_ciphers     = medium
tls_medium_cipherlist           = AES128+EECDH:AES128+EDH
smtpd_tls_mandatory_protocols   = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_protocols             = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
# smtpd_relay_restrictions takes effect only in Postfix 2.10 and later; on Postfix 2.6.6 relay control comes from smtpd_recipient_restrictions below
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_destination,permit_auth_destination,reject

7. Configure master.cf

vi /etc/postfix/master.cf

Find

#smtps     inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes

Uncomment these three lines

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

8. Restart postfix

service postfix restart

9. Check the listening ports

netstat -tnlp | grep master

or

netstat -tunlp | grep 465
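
Before the ports above are exposed, the relay-related settings from steps 5 and 6 can be audited. The script below is an added example, not part of the original post: it reads a main.cf the way Postfix does (comments skipped, continuation lines joined, last assignment wins) and flags a mynetworks range that covers every address, a missing reject_unauth_destination, and smtpd_tls_auth_only not set to yes. The function names and the sample file are constructed for illustration, and only smtpd_recipient_restrictions is evaluated, which is where Postfix 2.6 applies relay control.

```shell
# Added example (function names and sample file are constructed).
# Effective value of parameter $2 in file $1: comments skipped, continuation
# lines joined, last assignment wins, commas turned into spaces.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") val[cur] = val[cur] " " $0; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            val[cur] = substr($0, eq + 1)
        }
        END {
            v = val[want]; gsub(/[ \t,]+/, " ", v)
            sub(/^ /, "", v); sub(/ $/, "", v); print v
        }' "$1"
}

# Print one finding per line for file $1; return 1 if anything was found.
audit_relay() {
    rc=0
    nets=$(effective_value "$1" mynetworks)
    rcpt=$(effective_value "$1" smtpd_recipient_restrictions)
    # Postfix 2.6 default when the parameter is unset
    [ -n "$rcpt" ] || rcpt="permit_mynetworks reject_unauth_destination"
    case " $rcpt " in *" permit_mynetworks "*)
        for n in $nets; do
            case $n in 0.0.0.0/0|"[::]/0")
                echo "OPEN-RELAY: mynetworks=$n is trusted by permit_mynetworks"; rc=1 ;;
            esac
        done ;;
    esac
    case " $rcpt " in *" reject_unauth_destination "*) ;;
        *) echo "NO-RELAY-GUARD: reject_unauth_destination is missing"; rc=1 ;;
    esac
    [ "$(effective_value "$1" smtpd_tls_auth_only)" = yes ] ||
        { echo "CLEARTEXT-AUTH: smtpd_tls_auth_only is not yes"; rc=1; }
    return $rc
}

# Constructed sample: a loopback-only mynetworks overridden later in the file
sample=$(mktemp)
printf '%s\n' 'mynetworks = 127.0.0.0/8' '# override' 'mynetworks = 0.0.0.0/0' \
    'smtpd_tls_auth_only = yes' 'smtpd_recipient_restrictions = permit_mynetworks,' \
    '    permit_sasl_authenticated, reject_unauth_destination' > "$sample"
audit_relay "$sample" || true   # prints the OPEN-RELAY finding
rm -f "$sample"
```

Run it against the live file with audit_relay /etc/postfix/main.cf; a non-zero return means at least one finding was printed.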

VI. Configure dovecot

1. Configure dovecot's ssl.conf

vi /etc/dovecot/conf.d/10-ssl.conf

ssl = yes

Change to

ssl = required

Change the values of these two parameters

ssl_cert = </etc/tls/mail_cert.pem
ssl_key = </etc/tls/privkey.pem

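2. Configure the mail delivery directory

vi /etc/dovecot/conf.d/10-mail.conf

Configure as follows:

# Line 30: uncomment and add (must match home_mailbox in postfix's main.cf, otherwise mail cannot be retrieved)
mail_location = maildir:~/Maildir

3. Edit the imaps and pop3s configuration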

vi /etc/dovecot/conf.d/10-master.conf
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }

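4. Configure the authentication method

vi /etc/dovecot/conf.d/10-auth.conf

Configure as follows:

# Line 9: uncomment and change
# With ssl = required in 10-ssl.conf, dovecot still rejects authentication attempted before TLS is established
disable_plaintext_auth = no
# Line 97: add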
auth_mechanisms = plain login

5. Restart the service

service dovecot start
chkconfig dovecot on

6. Check the listening ports

netstat -tnlp | grep dovecot

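VII. Start postfix, saslauthd and dovecot

Starting the cyrus-imapd service provides both POP and IMAP. If you have already installed the dovecot service, it can be removed; only one of cyrus-imapd and dovecot is needed, since both provide POP and IMAP. However, cyrus-imapd can create a mailbox for each user, and its mailboxes are hierarchical, which makes them easier to manage. cyrus-imapd is recommended.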

chkconfig postfix on
chkconfig saslauthd on
chkconfig dovecot on

service postfix restart
service saslauthd restart
service dovecot restart

Add an account

useradd noreply
passwd noreply

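If you send mail with PHPMailer, be sure to check that the user PHPMailer is configured to use actually exists on the system. This time I reinstalled the system for the demonstration and forgot to create the account at the end, and it took me more than half an hour to find the problem. It has to be said that some error messages are rather vague; the same error does not necessarily have the same cause.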



"About Ciphers"

Last modification: November 25th, 2019 at 03:02 pm