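The MTA plays a very important role in a mail system: it receives the mail that other people send to you and forwards your mail to its destination. Choosing a reliable MTA matters a great deal when building a mail system, so we use Postfix!! :-). The MTA is also the hardest part of a mail system to develop and the part that does the most work, so we often refer to our mail system by the name of its MTA; for example, I often say that my mail system is Postfix.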

1. Install postfix

Select the following options during installation (if you use MySQL authentication, you can select MYSQL):

PCRE
SASL2
TLS
OPENLDAP
VDA
TEST

shell

# cd /usr/ports/mail/postfix27/ && make install clean

2. Configure postfix

Edit the /etc/rc.conf file:

shell

# vi /etc/rc.conf

Add the following line:

postfix_enable="YES" 

Edit the /etc/aliases file:

shell

# vi /etc/aliases

Make sure the following line is present:

postfix: root 

Replace the sendmail program that ships with the system:

shell

# mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
# cp /usr/local/sbin/sendmail /usr/sbin/sendmail

Edit the /etc/periodic.conf file and add the following to disable sendmail's automatic maintenance:

daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Run the following commands:

shell

# /usr/local/sbin/postalias /etc/aliases
# chown postfix:postfix /etc/opiekeys
# /usr/local/sbin/postconf -n > /usr/local/etc/postfix/main2.cf
# mv /usr/local/etc/postfix/main2.cf /usr/local/etc/postfix/main.cf
# vi /usr/local/etc/postfix/main.cf

Add the following:

# hostname
mydomain = extmail.org
myhostname = mail.extmail.org
myorigin = $mydomain
virtual_mailbox_base = /home/domains
virtual_uid_maps=static:1000
virtual_gid_maps=static:1000

Set up the configuration files for virtual domains and virtual users:

shell

# cp /usr/local/www/extman/docs/ldap_virtual_* /usr/local/etc/postfix/
# vi /usr/local/etc/postfix/main.cf

Add the following:

virtual_alias_maps = $alias_maps, ldap:/usr/local/etc/postfix/ldap_virtual_alias_maps.cf
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_mailbox_domains = ldap:/usr/local/etc/postfix/ldap_virtual_domains_maps.cf

3. SMTP authentication settings

Edit the /usr/local/lib/sasl2/smtpd.conf file:

shell

# vi /usr/local/lib/sasl2/smtpd.conf

Add the following:

pwcheck_method:authdaemond
log_level:3
mech_list:PLAIN LOGIN
authdaemond_path:/var/run/authdaemond/socket

Configure postfix as follows to enable SMTP authentication:

# SMTP AUTH config here
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain = $myhostname

4. Postfix anti-spam settings

The anti-spam settings here are only MTA-level measures for preventing spam; adjust them to your actual situation and your own needs.

shell

# vi /usr/local/etc/postfix/main.cf

Add the following:

smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes

smtpd_client_restrictions =
        check_client_access hash:/usr/local/etc/postfix/client_access

smtpd_helo_restrictions=
        reject_invalid_hostname,check_helo_access hash:/usr/local/etc/postfix/helo_access

# SMTP sender login matching config
smtpd_sender_restrictions =
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        check_sender_access hash:/usr/local/etc/postfix/sender_access

#smtpd related config
smtpd_recipient_restrictions=
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_hostname,
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_invalid_hostname

smtpd_data_restrictions = reject_unauth_pipelining
header_checks = regexp:/usr/local/etc/postfix/head_checks
body_checks = regexp:/usr/local/etc/postfix/body_checks

Generate the virtual domain databases:

shell

# touch /usr/local/etc/postfix/head_checks
# touch /usr/local/etc/postfix/body_checks
# touch /usr/local/etc/postfix/client_access
# touch /usr/local/etc/postfix/sender_access
# touch /usr/local/etc/postfix/helo_access
# postmap /usr/local/etc/postfix/head_checks
# postmap /usr/local/etc/postfix/body_checks
# postmap /usr/local/etc/postfix/client_access
# postmap /usr/local/etc/postfix/sender_access
# postmap /usr/local/etc/postfix/helo_access

5. TLS settings

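Generate the certificates. Here the private key passphrase defaults to 123; choose your own according to your situation, as you may need it later.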

shell

# mkdir -p /usr/local/etc/postfix/certs/CA
# cd /usr/local/etc/postfix/certs/CA
# mkdir certs crl newcerts private
# echo "01" > serial
# touch index.txt
# cp /usr/src/crypto/openssl/apps/openssl.cnf .

Edit the openssl.cnf file:

shell

# vi openssl.cnf

Confirm that the value of the dir parameter is:

/usr/local/etc/postfix/certs/CA

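Then continue with the commands below and enter the requested information as appropriate. The input looks similar to the following: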

Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:extmail.org
Email Address []:chifeng@gmail.com

The commands are as follows:

shell

# openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
# openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
# openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
# openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
# rm tmp.pem
# cp cacert.pem mycert.pem mykey.pem /usr/local/etc/postfix/certs/
# cd /usr/local/etc/postfix/certs/
# chown root:wheel cacert.pem mycert.pem
# chown root:postfix mykey.pem
# chmod 755 cacert.pem
# chmod 644 mycert.pem
# chmod 440 mykey.pem
# ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0

6. Configure postfix to support TLS

shell

# vi /usr/local/etc/postfix/main.cf
# TLS config here
smtpd_use_tls = yes
smtpd_tls_auth_only = no
smtp_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtp_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtp_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_CAfile = /usr/local/etc/postfix/certs/cacert.pem
smtpd_tls_cert_file = /usr/local/etc/postfix/certs/mycert.pem
smtpd_tls_key_file = /usr/local/etc/postfix/certs/mykey.pem
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 3
smtpd_starttls_timeout = 60s
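
Added example, not part of the original page: sections 3 and 6 together leave mech_list at PLAIN LOGIN with smtpd_tls_auth_only = no, so those mechanisms are accepted on unencrypted sessions. The script below parses main.cf and smtpd.conf and flags that combination; the function names and the sample files are constructed for illustration, and an unset mech_list is assumed to include PLAIN.

```shell
# Added example (not from the original page): flag cleartext SMTP AUTH.

# get_param MAIN_CF NAME: effective value of NAME. Joins continuation lines
# (leading whitespace), skips comments and blanks; the last assignment wins.
get_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }
        {
            eq = index($0, "="); cur = ""
            if (eq == 0) next
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val); print val }
    ' "$1"
}

# sasl_mechs SMTPD_CONF: value of the Cyrus SASL "mech_list:" option.
sasl_mechs() { awk '/^[ \t]*mech_list[ \t]*:/ { sub(/^[^:]*:[ \t]*/, ""); v = $0 } END { print v }' "$1"; }

# is_yes MAIN_CF NAME: true when the parameter is set to yes (any case).
is_yes() { [ "$(get_param "$1" "$2" | tr 'A-Z' 'a-z')" = "yes" ]; }

# audit_cleartext_auth MAIN_CF SMTPD_CONF: prints a verdict; returns 1 when a
# plaintext mechanism (PLAIN, LOGIN) can be used before STARTTLS.
audit_cleartext_auth() {
    is_yes "$1" smtpd_sasl_auth_enable || { echo "OK: SMTP AUTH is disabled"; return 0; }
    is_yes "$1" smtpd_tls_auth_only && { echo "OK: AUTH is offered only after STARTTLS"; return 0; }
    mechs=$(sasl_mechs "$2" | tr 'a-z' 'A-Z')
    for m in ${mechs:-PLAIN}; do   # assumption: an unset mech_list includes PLAIN
        case "$m" in
            PLAIN|LOGIN) echo "FINDING: $m usable without TLS; set smtpd_tls_auth_only = yes"; return 1 ;;
        esac
    done
    echo "OK: mech_list has no plaintext mechanism"
}

# write_sample DIR: constructed sample files carrying this page's settings.
write_sample() {
    printf '%s\n' '# SMTP AUTH config here' 'smtpd_sasl_auth_enable = yes' \
        'smtpd_recipient_restrictions=' '        permit_mynetworks,' \
        '        permit_sasl_authenticated,' '        reject_unauth_destination' \
        'smtpd_use_tls = yes' 'smtpd_tls_auth_only = no' > "$1/main.cf"
    printf '%s\n' 'pwcheck_method:authdaemond' 'mech_list:PLAIN LOGIN' > "$1/smtpd.conf"
}

tmp=$(mktemp -d) && write_sample "$tmp"
audit_cleartext_auth "$tmp/main.cf" "$tmp/smtpd.conf" || echo "(nonzero exit: the sample is exposed)"
rm -rf "$tmp"
```

With smtpd_tls_auth_only = yes, the smtps wrapper-mode service in master.cf still offers AUTH, because those sessions are encrypted from the first byte.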

Configure the master.cf file:

shell

# vi /usr/local/etc/postfix/master.cf

Modify the following:

smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 
陆、配置postfix.txt · Last modified: 2012/11/01 14:08 by shaobo
 