[Notes] CentOS6 / Postfix / PostfixAdmin / Dovecot / RoundCubeMail / Let's Encrypt Installation
This article was published 2046 days ago; its content may be out of date.
Original source: http://blog.csdn.net/air_penguin/article/details/47662941
**LAMP**
# Add the vmail account used for mail handling; uid 2000 must match the settings later on
useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmail
# Install the required packages
yum -y install httpd mysql mysql-devel mysql-server php php-pecl-Fileinfo php-mcrypt php-devel php-mysql php-common php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc pcre pcre-devel
Integrate Apache and PHP
#vim /etc/httpd/conf/httpd.conf
# Add the following directives
> AddType application/x-httpd-php .php
> PHPIniDir "/etc/php.ini"
# Change the following directives (p.s. open question: why should Apache be changed to run as vmail?)
> DirectoryIndex index.php index.html index.html.var
> User vmail
> Group vmail
Test PHP
#vim /var/www/html/pfa/1.php
> <?php
> phpinfo();
> ?>
Open http://IP_ADDR/1.php and check that the PHP environment page displays correctly.
* * *
## **Set up postfixadmin**
**Download postfixadmin**
> wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.92/postfixadmin-2.92.tar.gz
**Extract, rename, and move it into the httpd document root**
> tar xvf postfixadmin-2.92.tar.gz
> mv postfixadmin-2.92 pfa
> mv pfa /var/www/html/
**Install the dovecot packages**
> yum install -y dovecot dovecot-devel dovecot-mysql
**Edit the postfixadmin configuration**
#vim /var/www/html/pfa/config.inc.php
> $CONF['configured'] = true;
> $CONF['database_type'] = 'mysql';
> $CONF['database_host'] = 'localhost';
> $CONF['database_user'] = 'postfix';
> $CONF['database_password'] = 'postfix';
> $CONF['database_name'] = 'postfix';
> $CONF['admin_email'] = 'admin@email.com';
> ## The line below originally used CRAM-MD5; I did not change it at first, and that caused errors
> # The default is $CONF['encrypt'] = 'md5crypt'; just keep the default
> $CONF['encrypt'] = 'md5crypt';
> #$CONF['encrypt'] = 'dovecot:CRAM-MD5';
> # Password rules below: there were some password rules originally; for convenience they are all disabled for now
> $CONF['password_validation'] = array(
>     # '/regular expression/' => '$PALANG key (optional: + parameter)',
>     '/.{0}/' => 'password_too_short 5', # minimum length 5 characters
>     '/([a-zA-Z].*){0}/' => 'password_no_characters 3', # must contain at least 3 characters
>     '/([0-9].*){0}/' => 'password_no_digits 2', # must contain at least 2 digits
> );
> # Default system mailboxes; change them if you want
> $CONF['default_aliases'] = array (
>     'abuse' => 'abuse@change-this-to-your.domain.tld',
>     'hostmaster' => 'hostmaster@change-this-to-your.domain.tld',
>     'postmaster' => 'postmaster@change-this-to-your.domain.tld',
>     'webmaster' => 'webmaster@change-this-to-your.domain.tld'
> );
> // Default Domain Values
> // Specify your default values below. Quota in MB.
> $CONF['aliases'] = '0';
> $CONF['mailboxes'] = '0';
> $CONF['maxquota'] = '0';
> $CONF['domain_quota_default'] = '40960';
**Create the MySQL account and grant it privileges for postfixadmin**
> mysql -u root -p
> grant all on postfix.* to 'postfix'@'localhost' identified by 'postfix';
> flush privileges;
> quit;
**Test logging in to mysql**
> mysql -u postfix -ppostfix
> use postfix;
> show tables;
> quit;
#**Change the owner and group**
> `chown -R vmail.vmail /var/www/html/pfa`
>
> `chown -R vmail.vmail /var/lib/php/session/`
Log in to postfixadmin and configure it; refer to the postfixadmin section of the article I wrote earlier. The main step is changing the setup password.
[http://wp.cowbay.org/2016/01/27/%e7%ad%86%e8%a8%98-centos-6-6-iredmail-0-9-4-%e5%ae%89%e8%a3%9d%e7%ad%86%e8%a8%98/](http://wp.cowbay.org/2016/01/27/%e7%ad%86%e8%a8%98-centos-6-6-iredmail-0-9-4-%e5%ae%89%e8%a3%9d%e7%ad%86%e8%a8%98/)
After finishing the setup you will get the setup_password hash, which looks like this:
`$CONF['setup_password'] = 'fd16d423a537fa766a501d089823c8be:a23d10bad95c883c98c817ea37afaeae1d186624';`
Edit config.inc.php and replace the original setting with the value you obtained.
Open http://IP_ADDR/pfa/login.php
Log in with the administrator account and password you just created, then add a domain and a mailbox to test it.
* * *
## **Edit Postfix**
#vim /etc/postfix/main.cf
> # Basic settings
> myhostname = mail.abc.com
> mydomain = abc.com
> myorigin = $mydomain
> inet_interfaces = all
> mynetworks_style = host
> mynetworks = 192.168.10.0/24, 127.0.0.0/8
> #Virtual Domain
> virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> # Additional for quota support
> virtual_create_maildirsize = yes
> virtual_mailbox_extended = yes
> virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
> virtual_mailbox_limit_override = yes
> virtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.
> virtual_overquota_bounce = yes
> #Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.
> virtual_uid_maps = static:2000
> virtual_gid_maps = static:2000
> #Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_maps
> proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
> #SASL SUPPORT FOR CLIENTS
> # Turns on sasl authorization
> smtpd_sasl_auth_enable = yes
> #Use dovecot for authentication
> smtpd_sasl_type = dovecot
> # Path to UNIX socket for SASL
> smtpd_sasl_path = /var/run/dovecot/auth-client
> #Disable anonymous login. We don't want to run an open relay for spammers.
> smtpd_sasl_security_options = noanonymous
> #Adds support for email software that doesn't follow RFC 4954.
> #This includes most versions of Microsoft Outlook before 2007.
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
> # TRANSPORT MAP
> virtual_transport = dovecot
> dovecot_destination_recipient_limit = 1
**Edit master.cf**
**#vim /etc/postfix/master.cf**
**# Note: the flags line must start with two spaces**
> dovecot unix - n n - - pipe
>   flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
#**Create the Virtual Mail map files**
#**vim /etc/postfix/mysql_virtual_domains_maps.cf**
> user = postfix
> password = postfix
> hosts = localhost
> dbname = postfix
> query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
> #optional query to use when relaying for backup MX
> #query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'
#**vim /etc/postfix/mysql_virtual_alias_maps.cf**
> user = postfix
> password = postfix
> hosts = localhost
> dbname = postfix
> query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
#**vim /etc/postfix/mysql_virtual_mailbox_maps.cf**
> user = postfix
> password = postfix
> hosts = localhost
> dbname = postfix
> query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'
#**vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cf**
> user = postfix
> password = postfix
> hosts = localhost
> dbname = postfix
> query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
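To see how the four map files above fit together, here is an added example (not from the original notes or from PostfixAdmin) that rebuilds a minimal PostfixAdmin-style schema in sqlite3 and runs the same lookup chain Postfix performs for a recipient; the rows are constructed, and sqlite's `||` stands in for MySQL's CONCAT.

```python
import sqlite3

def build_db():
    """Constructed sample data in the PostfixAdmin table layout the map files query."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE domain  (domain TEXT, active INTEGER);
        CREATE TABLE alias   (address TEXT, goto TEXT, active INTEGER);
        CREATE TABLE mailbox (username TEXT, maildir TEXT, domain TEXT,
                              quota INTEGER, active INTEGER);
    """)
    db.execute("INSERT INTO domain VALUES ('abc.com', 1)")
    db.executemany("INSERT INTO alias VALUES (?, ?, ?)", [
        ("admin@abc.com", "admin@abc.com", 1),       # self-alias PostfixAdmin creates
        ("postmaster@abc.com", "admin@abc.com", 1),  # forwards to the admin mailbox
        ("old@abc.com", "admin@abc.com", 0),         # deactivated alias: invisible to Postfix
    ])
    db.execute("INSERT INTO mailbox VALUES ('admin@abc.com', 'admin/', 'abc.com', 40960, 1)")
    return db

def resolve(db, rcpt):
    """Run the page's four lookups in the order Postfix applies them."""
    if "@" not in rcpt:
        return {"action": "reject", "reason": "no domain part"}
    domain = rcpt.split("@", 1)[1]
    # 1. virtual_mailbox_domains: do we accept mail for this domain at all?
    if db.execute("SELECT domain FROM domain WHERE domain=? AND active=1",
                  (domain,)).fetchone() is None:
        return {"action": "reject", "reason": "not a virtual domain"}
    # 2. virtual_alias_maps: rewrite the recipient (Postfix repeats this until stable)
    row = db.execute("SELECT goto FROM alias WHERE address=? AND active=1",
                     (rcpt,)).fetchone()
    target = row[0] if row else rcpt
    # 3. virtual_mailbox_maps: CONCAT(domain,'/',maildir) in MySQL is || in sqlite
    row = db.execute("SELECT domain || '/' || maildir FROM mailbox "
                     "WHERE username=? AND active=1", (target,)).fetchone()
    if row is None:
        return {"action": "reject", "reason": "no active mailbox for " + target}
    # 4. virtual_mailbox_limit_maps: the per-mailbox quota checked at delivery
    quota = db.execute("SELECT quota FROM mailbox WHERE username=? AND active=1",
                       (target,)).fetchone()[0]
    return {"action": "deliver", "user": target, "maildir": row[0], "quota": quota}

if __name__ == "__main__":
    db = build_db()
    for addr in ("postmaster@abc.com", "old@abc.com", "nobody@abc.com", "x@other.com"):
        print(addr, "->", resolve(db, addr))
```

Note that every query carries `active = '1'`, so a mailbox or alias disabled in PostfixAdmin is rejected at RCPT time rather than silently delivered.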
* * *
## **Set up Dovecot**
#**vim /etc/dovecot/dovecot.conf**
> protocols = imap pop3
> listen = *
> dict {
>   quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
> }
> !include conf.d/*.conf
#**vim /etc/dovecot/conf.d/10-auth.conf**
> disable_plaintext_auth = no
> auth_mechanisms = plain login cram-md5
> !include auth-sql.conf.ext
#**vim /etc/dovecot/conf.d/10-mail.conf**
> mail_location = maildir:%hMaildir
> mbox_write_locks = fcntl
#**vim /etc/dovecot/conf.d/10-master.conf**
> service imap-login {
>   inet_listener imap {
>   }
>   inet_listener imaps {
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>   }
>   inet_listener pop3s {
>   }
> }
> service lmtp {
>   unix_listener lmtp {
>   }
> }
> service imap {
> }
> service pop3 {
> }
> service auth {
>   unix_listener auth-userdb {
>     mode = 0600
>     user = vmail
>     group = vmail
>   }
>   # Added
>   unix_listener auth-client {
>     mode = 0600
>     user = postfix
>     group = postfix
>   }
> }
> service auth-worker {
> }
> service dict {
>   unix_listener dict {
>     mode = 0600
>     user = vmail
>     group = vmail
>   }
> }
# I did not configure this one
#**vim /etc/dovecot/conf.d/15-lda.conf**
> protocol lda {
>   mail_plugins = quota
>   postmaster_address = admin@abc.com
> }
# Did not configure this one either
#**vim /etc/dovecot/conf.d/20-imap.conf**
> protocol imap {
>   mail_plugins = quota imap_quota
> }
# This one is configured, but without quota
#**vim /etc/dovecot/conf.d/20-pop3.conf**
> protocol pop3 {
>   pop3_uidl_format = %08Xu%08Xv
>   mail_plugins = quota
> }
# Not configured
#**vim /etc/dovecot/conf.d/90-quota.conf**
> plugin {
>   quota_rule = *:storage=1G
> }
> plugin {
> }
> plugin {
>   quota = dict:User quota::proxy::quota
> }
> plugin {
> }
**Add the Dovecot MySQL configuration files**
#**vim /etc/dovecot/dovecot-sql.conf.ext**
> driver = mysql
> connect = host=localhost dbname=postfix user=postfix password=postfix
> ## The original article used CRAM-MD5, but my misconfiguration made authentication fail, so I switched to MD5-CRYPT
> default_pass_scheme = MD5-CRYPT
> #default_pass_scheme = CRAM-MD5
> user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'
> password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'
#**vim /etc/dovecot/dovecot-dict-sql.conf.ext**
> connect = host=localhost dbname=postfix user=postfix password=postfix
> map {
>   pattern = priv/quota/storage
>   table = quota2
>   username_field = username
>   value_field = bytes
> }
> map {
>   pattern = priv/quota/messages
>   table = quota2
>   username_field = username
>   value_field = messages
> }
Restart postfix / dovecot and check for errors.
* * *
## Test SMTP/POP3/IMAP with telnet for errors
**Test SMTP**
> telnet localhost 25
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> 220 mail.abc.com.tw ESMTP Postfix
> ehlo me                 # type "ehlo me"; the response below should follow
> 250-mail.abc.com.tw
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-AUTH PLAIN LOGIN CRAM-MD5
> 250-AUTH=PLAIN LOGIN CRAM-MD5
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
Press ctrl + ] to exit.
**Test POP3** (you need to create an account with postfixadmin first, of course)
> telnet localhost 110
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK Dovecot ready.
> user admin@abc.com      # enter "user" followed by the address, in the form mail@address.com
> +OK
> pass password           # enter the password in clear text
> +OK Logged in.          # OK means authentication passed
Press ctrl + ] to exit.
**Test IMAP**
> telnet localhost 143
> Trying ::1...
> telnet: connect to address ::1: Connection refused
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
> A LOGIN "admin@abc.com" "password"      # enter A LOGIN "account" "password" to test the login
> A OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in      # login succeeded
At this point the basic mail setup is OK.
* * *
UPDATE
An error occurs when sending mail.
Add this line to main.cf:
> mailbox_command = /usr/libexec/dovecot/deliver
Then it works.
* * *
Next, set up RoundCubeMail / Letsencrypt
yum install roundcubemail
Change the owner and permissions of the installation directory (so, as I said, why change the httpd user to vmail in the first place?)
Opening roundcubemail and logging in produces an error.
The log gives a hint:
PHP Error: Access denied for new user 'auto_create_user' is disabled in /usr/share/roundcubemail/program/include/rcmail.php on line 622 (POST /roundcubemail/?_task=login?_task=login&_action=login)
Turn on that option and it works!
* * *
Postfix / Dovecot with LETSENCRYPT
File: /etc/dovecot/conf.d/10-ssl.conf
<pre>ssl_cert = </etc/letsencrypt/live/abc.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/abc.com/privkey.pem</pre>
File: /etc/postfix/main.cf
<pre>smtpd_tls_cert_file=/etc/letsencrypt/live/abc.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/abc.com/privkey.pem
smtpd_use_tls=yes</pre>
OUTLOOK related settings
SMTP sending requires authentication.
IMAP and SMTP are both encrypted, and no "certificate information is invalid" warning window pops up!