[筆記] CentOS6 / Postfix / PostfixAdmin / Dovecot /RoundCubeMail / Let`s Encrypt Installation

原文：http://blog.csdn.net/air_penguin/article/details/47662941

**LAMP

#添加 vmail 帳號，做為郵件處理用， uid 2000 必須要和後面的設定一致

useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmail

#安裝相關套件

yum -y install httpd mysql mysql-devel mysql-server php php-pecl-Fileinfo php-mcrypt php-devel php-mysql php-common php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc pcre pcre-devel

整合Apache和PHP

#vim /etc/httpd/conf/httpd.conf

#增加以下參數

> AddType application/x-httpd-php .php ` > >

`PHPIniDir `"/etc/php.ini"

#修改以下參數 p.s 有疑問，為何apache 要改用 vmail 來啟動？

`DirectoryIndex index.php index.html index.html.var`

> >

`User vmail`

> >

`Group vmail
> 
> 
>     `

測試 PHP #vim /var/www/html/pfa/1.php > <?php > > > phpinfo(); > > > ?> 開啟 http://IP_ADDR/1.php 看看是不是可以正常顯示PHP環境 * * * ## **設定 postfixadmin** **下載 postfixadmin** >

wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.92/postfixadmin-2.92.tar.gz

**解壓縮、更名、移動到httpd 路徑** >

tar xvf postfixadmin-2.92.tar.gz
> 
> 
>     mv postfixadmin-2.92 pfa
> 
> 
>     mv pfa /var/www/html/

**安裝 dovecot套件** > yum install -y dovecot dovecot-devel dovecot-mysql **修改 postfixadmin 設定** #vim /var/www/html/pfa/config.inc.php > $CONF['configured'] = true; > > $CONF['database_type'] = 'mysql'; > > $CONF['database_host'] = 'localhost'; > > $CONF['database_user'] = 'postfix'; > > $CONF['database_password'] = 'postfix'; > > $CONF['database_name'] = 'postfix'; > > $CONF['admin_email'] = 'admin@email.com'; > > > **##底下這行原本是用 CRAM-MD5，但是一開始沒有改他，結果就造成錯誤** > > > **#預設是$CONF['encrypt'] = 'md5crypt'; 就保留預設吧** > > > $CONF['encrypt'] = 'md5crypt'; > > #$CONF['encrypt'] = 'dovecot:CRAM-MD5'; > > #底下修改密碼原則，原本有一些密碼原則設定，為了方便，都先取消 > > > $CONF['password_validation'] = array( > > # '/regular expression/' => '$PALANG key (optional: + parameter)', > > '/.{0}/' => 'password_too_short 5', # minimum length 5 characters > > '/([a-zA-Z].*){0}/' => 'password_no_characters 3', # must contain at least 3 characters > > '/([0-9].*){0}/' => 'password_no_digits 2', # must contain at least 2 digits > > ); > > > #系統預設信箱，看要不要改一改 > > > $CONF['default_aliases'] = array ( > > 'abuse' => 'abuse@change-this-to-your.domain.tld', > > 'hostmaster' => 'hostmaster@change-this-to-your.domain.tld', > > 'postmaster' => 'postmaster@change-this-to-your.domain.tld', > > 'webmaster' => 'webmaster@change-this-to-your.domain.tld' > > ); > > > // Default Domain Values > > // Specify your default values below. Quota in MB. > > $CONF['aliases'] = '0'; > > $CONF['mailboxes'] = '0'; > > $CONF['maxquota'] = '0'; > > $CONF['domain_quota_default'] = '40960'; > >


> 
>     **在MySQL中建立帳號並設定權限給 postfixadmin使用**
> 
> 
>     mysql -u root -p
> 
>     `grant all on postfix.* to 'postfix'@'localhost' identified by 'postfix';`

> >

`flush privileges;
> 
>     quit;
> 
>     `

**測試登入 mysql** > mysql -u postfix -ppostfix > > > use postfix; > > > show tables; > > > quit;

#**修改所有者和所有组**

`chown -R vmail.vmail /var/www/html/pfa`

> >

`chown -R vmail.vmail /var/lib/php/session/`

登入postfixadmin設定，參考之前寫的文章中，postfiadmin 設定的部分，主要就是修改 setup password [http://wp.cowbay.org/2016/01/27/%e7%ad%86%e8%a8%98-centos-6-6-iredmail-0-9-4-%e5%ae%89%e8%a3%9d%e7%ad%86%e8%a8%98/](http://wp.cowbay.org/2016/01/27/%e7%ad%86%e8%a8%98-centos-6-6-iredmail-0-9-4-%e5%ae%89%e8%a3%9d%e7%ad%86%e8%a8%98/) 在完成設定後，會取得setup_password 的hash值，像是這樣

$CONF`[`'setup_password'`] = `'fd16d423a537fa766a501d089823c8be:a23d10bad95c883c98c817ea37afaeae1d186624'`;
    修改 config.inc.php 把得到的值替換掉原本的設定
    開啟 http://IP_ADDR/pfa/login.php
    用剛剛建立的管理者帳號、密碼登入，並新增網域、帳號 測試看看
    `

* * *

## `<span lang="EN-US"> **修改 Postfix** </span>`

#vim /etc/postfix/main.cf
> #基本設定

myhostname = mail.abc.com


mydomain = abc.com


myorigin = $mydomain


inet_interfaces = all


mynetworks_style = host


mynetworks = 192.168.10.0/24, 127.0.0.0/8


#Virtual Domain


virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf


virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf


virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf


# Additional for quota support


virtual_create_maildirsize = yes


virtual_mailbox_extended = yes


virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf


virtual_mailbox_limit_override = yes


virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.


virtual_overquota_bounce = yes


#Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.


virtual_uid_maps = static:2000


virtual_gid_maps = static:2000


#Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps


proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps


#SASL SUPPORT FOR CLIENTS


# Turns on sasl authorization


smtpd_sasl_auth_enable = yes


#Use dovecot for authentication


smtpd_sasl_type = dovecot


# Path to UNIX socket for SASL


smtpd_sasl_path = /var/run/dovecot/auth-client


#Disable anonymous login. We don't want to run an open relay for spammers.


smtpd_sasl_security_options = noanonymous


#Adds support for email software that doesn't follow RFC 4954.


#This includes most versions of Microsoft Outlook before 2007.


broken_sasl_auth_clients = yes


smtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination


# TRANSPORT MAP


virtual_transport = dovecot


dovecot_destination_recipient_limit = 1
**修改 master.cf**

**#vim /etc/postfix/master.cf**

**#注意flags前面要空兩個空白**

dovecot   unix  -       n       n       -       -       pipe

flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

`<span lang="EN-US">
#**建立Virtual Mail 的script**
#**vim /etc/postfix/mysql_virtual_domains_maps.cf**
</span>`
> `<span lang="EN-US">

user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'

#optional query to use when relaying for backup MX

#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

</span>`
&nbsp;

# **vim /etc/postfix/mysql_virtual_alias_maps.cf**
> user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

#**vim /etc/postfix/mysql_virtual_mailbox_maps.cf**
> user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

#**vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf**
> user = postfix

password = postfix

hosts = localhost

dbname = postfix

query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

* * *

## **設定Dovecot**

#**vim /etc/dovecot/dovecot.conf**
> protocols = imap pop3

listen = *

dict {

quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext

}

!include conf.d/*.conf

#**vim /etc/dovecot/conf.d/10-auth.conf**
> disable_plaintext_auth = no

auth_mechanisms = plain login cram-md5

!include auth-sql.conf.ext

#**vim /etc/dovecot/conf.d/10-mail.conf**
> mail_location = maildir:%hMaildir

mbox_write_locks = fcntl

#**vim /etc/dovecot/conf.d/10-master.conf**
> service imap-login {

inet_listener imap {

}

inet_listener imaps {

}

}

service pop3-login {

inet_listener pop3 {

}

inet_listener pop3s {

}

}

service lmtp {

unix_listener lmtp {

}

}

service imap {

}

service pop3 {

}

service auth {

unix_listener auth-userdb {

mode = 0600

user = vmail

group = vmail

}

#新增

unix_listener auth-client {

mode = 0600

user = postfix

group = postfix

}

}

service auth-worker {

}

service dict {

unix_listener dict {

mode = 0600

user = vmail

group = vmail

}

}
&nbsp;

#這邊我就沒有設定了
#**vim /etc/dovecot/conf.d/15-lda.conf**
> protocol lda {

mail_plugins = quota

postmaster_address = admin@abc.com

}
&nbsp;

#這個也沒有設定
#**vim /etc/dovecot/conf.d/20-imap.conf**
> protocol imap {

mail_plugins = quota imap_quota

}

#這個有設定，不過沒設定quota
#**vim /etc/dovecot/conf.d/20-pop3.conf**
> protocol pop3 {

pop3_uidl_format = %08Xu%08Xv

mail_plugins = quota

}

#沒有設定
#**vim /etc/dovecot/conf.d/90-quota.conf**
> plugin {

quota_rule = *:storage=1G

}

plugin {

}

plugin {

quota = dict:User quota::proxy::quota

}

plugin {

}
新增Dovecot 的 MYSQL 設定檔

#**vim /etc/dovecot/dovecot-sql.conf.ext**
> driver = mysql

connect = host=localhost dbname=postfix user=postfix password=postfix


##原文是用 CRAM-MD5 但是因為我設定錯誤，導致認證失敗，所以我改用MD5-CRYPT


default_pass_scheme = MD5-CRYPT

#default_pass_scheme = CRAM-MD5

user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'

password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'
&nbsp;

#**vim /etc/dovecot/dovecot-dict-sql.conf.ext**
> connect = host=localhost dbname=postfix user=postfix password=postfix

map {

pattern = priv/quota/storage

table = quota2

username_field = username

value_field = bytes

}

map {

pattern = priv/quota/messages

table = quota2

username_field = username

value_field = messages

}
重起 postfix / dovecot 看看有沒有錯誤

* * *

## 用telnet 測試 SMTP/POP3/IMAP 有沒有錯誤

**測試 SMTP**
> telnet localhost 25

Trying ::1...

Connected to localhost.

Escape character is '^]'.

220 mail.abc.com.tw ESMTP Postfix

ehlo me #輸入 ehlo me ，應該會有底下的回應

250-mail.abc.com.tw

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-AUTH PLAIN LOGIN CRAM-MD5

250-AUTH=PLAIN LOGIN CRAM-MD5

250-ENHANCEDSTATUSCODES

250-8BITMIME

250 DSN
按 ctrl + ] 離開

**測試POP3** ，當然要先用 postfixadmin 建立帳號
> telnet localhost 110

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

+OK Dovecot ready.

user admin@abc.com #輸入 user mail@address.com 的格式

+OK

pass password #輸入明文密碼

+OK Logged in. #出現OK代表驗證通過
按 ctrl + ] 離開

**測試 IMAP**
> telnet localhost 143

Trying ::1...

telnet: connect to address ::1: Connection refused

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.

A LOGIN "admin@abc.com" "password" #輸入 A LOGIN "帳號" "密碼" 進行登入測試

A OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in #成功登入
到此，基本郵件設定已經OK

* * *

UPDATE

要發信的時候會發生錯誤

要在 main.cf 裡補上這一行
> mailbox_command = /usr/libexec/dovecot/deliver
這樣才可以

* * *

接下來要弄 RoundCubeMail  / Letsencrypt

yum install roundcubemail

修改安裝路徑的目錄擁有者和權限 (所以我說嘛，為啥一開始要把 httpd 的執行者改成 vmail ? )

開啟 roundcubemail 登入會發生錯誤

LOG裡面有提示

PHP Error: Access denied for new user  'auto_create_user' is disabled in /usr/share/roundcubemail/program/include/rcmail.php on line 622 (POST /roundcubemail/?_task=login?_task=login&amp;_action=login)

打開這個選項就可以了！

* * *

Postfix / Dovecot with LETSENCRYPT

File: /etc/dovecot/conf.d/10-ssl.conf
<pre>`ssl_cert = &lt;/etc/letsencrypt/live/abc.com/fullchain.pem
ssl_key = &lt;/etc/letsencrypt/live/abc.com/privkey.pem`</pre>
File: /etc/postfix/main.cf
<pre>`smtpd_tls_cert_file=/etc/letsencrypt/live/abc.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/abc.com/privkey.pem
smtpd_use_tls=yes

OUTLOOK 相關設定

SMTP 寄信需要驗證

IMAP/SMTP 都有加密，也不會跳出提示加密資訊不合法的視窗！