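First, the limitations of this method
- Postfix sends; Dovecot receives; SquirrelMail runs on nginx as the web client
- Mail accounts are real Ubuntu users; virtual accounts are not supported
- Without DNS integration, mail can only be sent to mailboxes in other domains, not received from them, because machines in other domains do not know what this article's zjc.com is
- Nothing else comes to mind yet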
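Prerequisites
- The machine being configured has the hostname zjc.com and the IP address 10.1.6.197
Preparation
- If the package mirror is slow, switch mirrors and then refresh the package index with sudo apt-get update; the details are not covered here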
Install Postfix
$ sudo apt-get install postfix
- During installation choose the Internet Site option; leave everything else at its default
Configure Postfix
$ sudo dpkg-reconfigure postfix
- In the prompts that follow, choose in order:
- Internet Site
- zjc.com
- zjc
- zjc.com, localhost.zjc, localhost
- No
- 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.1.6.197/24
- 0
- +
- all
- Internet Site
Configure SMTP authentication for Postfix and Dovecot (using TLS)
$ sudo gedit /etc/postfix/main.cf
Add the following lines to /etc/postfix/main.cf to configure Postfix for SMTP-AUTH using Dovecot SASL
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
Generate a certificate for TLS
$ cd ~
$ openssl genrsa -des3 -out server.key 2048
$ openssl rsa -in server.key -out server.key.insecure
$ mv server.key server.key.secure
$ mv server.key.insecure server.key
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
$ sudo cp server.crt /etc/ssl/certs
$ sudo cp server.key /etc/ssl/private
Configure the certificate and key paths for Postfix
$ sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
$ sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'
Configure Postfix: enable smtps (465) and submission (587)
$ sudo gedit /etc/postfix/master.cf
Uncomment the following lines
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
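Postfix treats a master.cf line that begins with whitespace as a continuation of the previous line, so the -o overrides only apply to submission and smtps while they stay indented. The parser below is an added example (not from the original article) that applies that rule to a constructed, abridged copy of the two entries and checks that both services enforce TLS and authenticated relay; the function names are made up for this illustration.

```python
# Constructed, abridged copy of the two entries on this page.
MASTER_CF = """\
submission inet n - - - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
"""
# The same text with its leading whitespace lost, as happens with a careless paste.
FLATTENED = "\n".join(line.strip() for line in MASTER_CF.splitlines())


def logical_lines(text):
    """Join physical lines: one that starts with whitespace continues the previous line."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out


def audit(text, required=("submission", "smtps")):
    """Return a list of findings; an empty list means both services are locked down."""
    services, findings = {}, []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:  # name type private unpriv chroot wakeup maxproc command
            findings.append(f"stray line, not a service entry: {line}")
            continue
        args = fields[8:]
        services[fields[0]] = dict(
            a.split("=", 1) for flag, a in zip(args, args[1:]) if flag == "-o" and "=" in a)
    for name in required:
        opts = services.get(name)
        if opts is None:
            findings.append(f"{name}: service not enabled")
            continue
        if opts.get("smtpd_tls_security_level") != "encrypt" and opts.get("smtpd_tls_wrappermode") != "yes":
            findings.append(f"{name}: TLS not enforced")
        if opts.get("smtpd_sasl_auth_enable") != "yes":
            findings.append(f"{name}: SASL auth not enabled")
        if opts.get("smtpd_relay_restrictions") != "permit_sasl_authenticated,reject":
            findings.append(f"{name}: relay not limited to authenticated clients")
    return findings
```

Running audit(FLATTENED) reports every -o line as stray and both services as unprotected, which is the state the file is in when the overrides lose their indentation.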
Install Dovecot
$ sudo apt-get install dovecot-common
- In the installation dialog that appears, choose
- yes
- mail.zjc.com
- yes
Configure Dovecot
$ sudo gedit /etc/dovecot/conf.d/10-master.conf
- Find # Postfix smtp-auth (line 95) and change it as follows
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  # mode 0660 is also sufficient, since owner and group are both postfix
  mode = 0666
  user = postfix
  group = postfix
}
- $ sudo gedit /etc/dovecot/conf.d/10-auth.conf
  Replace auth_mechanisms = plain with auth_mechanisms = plain login
Restart the services
$ sudo service postfix restart
$ sudo service dovecot restart
Test SMTP-AUTH and the SMTP/POP3 interfaces
zjc@zjc:~$ telnet mail.zjc.com smtp
Trying 10.1.6.197...
Connected to mail.zjc.com.
Escape character is '^]'.
220 zjc.com ESMTP Postfix (Ubuntu)
Next, type ehlo mail.zjc.com and make sure the following lines are returned
ehlo mail.zjc.com
250-zjc.com
--------
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
---------
250 DSN
Then switch the port to 587 (telnet mail.zjc.com 587) and run the test again
The Postfix configuration is now complete
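The EHLO reply above was captured over plain telnet, so its AUTH PLAIN LOGIN lines mean port 25 accepts passwords before TLS is negotiated. The check below is an added example, not part of the original article: PORT25 repeats the lines shown above, and PORT587 is a constructed sample that assumes the submission override smtpd_tls_security_level=encrypt is active.

```python
import re

# Constructed samples of EHLO replies seen BEFORE any STARTTLS command.
PORT25 = "250-zjc.com\n250-STARTTLS\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 DSN\n"
PORT587 = "250-zjc.com\n250-STARTTLS\n250 DSN\n"


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    lines = [l.strip() for l in reply.splitlines() if l.strip()]
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.+)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError("only the last line may use '250 ' (space)")
        if i == 0:
            continue  # first line is the server's own name, not a capability
        # "AUTH=..." is the legacy spelling switched on by broken_sasl_auth_clients
        word, *rest = re.split(r"[ =]", m.group(2), maxsplit=1)
        caps.setdefault(word.upper(), set()).update(rest[0].upper().split() if rest else [])
    return caps


def cleartext_findings(reply):
    """Findings for an EHLO reply captured on an unencrypted connection."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    # PLAIN and LOGIN only base64-encode the password, so they need TLS underneath
    reusable = caps.get("AUTH", set()) & {"PLAIN", "LOGIN"}
    if reusable:
        findings.append("AUTH " + " ".join(sorted(reusable)) + " offered without TLS")
    return findings


if __name__ == "__main__":
    for port, reply in (("25", PORT25), ("587", PORT587)):
        print(port, cleartext_findings(reply) or "ok")
```

Setting smtpd_tls_auth_only = yes in main.cf, which is not among the lines this article adds, makes Postfix withhold AUTH until STARTTLS has completed and clears the port 25 finding.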
Install the Dovecot IMAP and POP3 packages
$ sudo apt-get install dovecot-imapd dovecot-pop3d
Configure Dovecot
- $ sudo gedit /etc/dovecot/conf.d/10-mail.conf
  Replace mail_location = mbox:~/mail:INBOX=/var/mail/%u with mail_location = maildir:~/Maildir
- $ sudo gedit /etc/dovecot/conf.d/20-pop3.conf
  Uncomment the line pop3_uidl_format = %08Xu%08Xv
- $ sudo gedit /etc/dovecot/conf.d/10-ssl.conf
  Enable SSL: ssl = yes
Restart Dovecot
$ sudo service dovecot restart
Test POP3 and IMAP
Use telnet to test the ports
telnet mail.zjc.com 110
Trying 10.1.6.197...
Connected to zjc.com.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.
Then repeat the test for the following ports: 995, 993, 143
Alternatively, list the listening ports
$ netstat -nl4
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:465 0.0.0.0:* LISTEN
tcp 0 0 127.0.1.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
Create a test account, mtest1
$ sudo useradd -m mtest1 -s /sbin/nologin
$ sudo passwd mtest1
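Configure the Thunderbird client as follows
There is a certificate security issue here (it concerns certificate trust and is left to be solved later)
Click Confirm Security Exception to accept
An error prompt appears both when configuring the mailbox and when sending mail; just choose to accept each time
Test sending mail
- Send to yourself
  Sending and receiving both work
- Send to a QQ mailbox
  The QQ mailbox receives the message, but the reply fails because it cannot find out what zjc.com is
- Send to an Exchange mailbox
  It did not seem to arrive
- (Next day) It arrived; the delay may be because the company mail server is a bit slow to respond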
APC
Install PHP APC
$ sudo apt-get install php-apc
Restart php5-fpm
$ sudo /etc/init.d/php5-fpm restart
APC is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It’s similar to other PHP opcode cachers, such as eAccelerator and XCache. It is strongly recommended to have one of these installed to speed up your PHP page.
Configure the mail.zjc.com virtual directory on nginx
Install SquirrelMail
$ sudo apt-get install squirrelmail
Configure SquirrelMail
$ squirrelmail-configure
The choices, in order:
D (Set pre-defined settings for specific IMAP servers)
Please select your IMAP server: dovecot
S (Save data)
Edit the nginx virtual host configuration file for mail.zjc.com
$ sudo gedit /etc/nginx/sites-available/mail.zjc.com.vhost
The file contents are:
server {
    [...]
    location /squirrelmail {
        root /usr/share/;
        index index.php index.html index.htm;
        location ~ ^/squirrelmail/(.+\.php)$ {
            try_files $uri =404;
            root /usr/share/;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include /etc/nginx/fastcgi_params;
        }
        location ~* ^/squirrelmail/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
            root /usr/share/;
        }
    }
    location /webmail {
        rewrite ^/* /squirrelmail last;
    }
    [...]
}
Reload the nginx server
$ sudo /etc/init.d/nginx reload
SquirrelMail can now be reached at http://mail.zjc.com/squirrelmail; the username and password are those of a real user on the machine
References
http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/
https://www.howtoforge.com/running-squirrelmail-on-nginx-lemp-on-debian-squeeze-ubuntu-11.04