Здесь уже было рассказано о почтовом сервере на postfix и courier с MySQL. По многочисленным просьбам выкладываем полностью проверенную методику (шпаргалку) по построению почтового сервера на Postfix, Dovecot и MySQL. В принципе это материал представляет из себя руководство для наших коллег и сотрудников.
Итак, пошаговая инструкция для Ubuntu/Debian:
Переходим в режим рута:
sudo su
Устанавливаем необходимые пакеты:
apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server
Создаем новую базу данных — в этом примере mailserver
mysqladmin -p create mailserver
Входим в mysql (вводим пароль root базы данных):
mysql -p mailserver
Создаем нового MySQL пользователя (mailuser) и даем ему соответствующие привилегии:
GRANT SELECT ON mailserver.* TO 'mailuser'@'127.0.0.1' IDENTIFIED BY 'mailuserpass';
FLUSH PRIVILEGES;
Создаем таблицу virtual_domains для виртуальных доменов:
CREATE TABLE `virtual_domains` ( `id` int(11) NOT NULL auto_increment, `name` varchar(50) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Создаем таблицу для email адресов и паролей. Эта таблица virtual_users состоиз из полей domain_id , password — поля зашифрованного пароля пользователя и поля email :
CREATE TABLE `virtual_users` ( `id` int(11) NOT NULL auto_increment, `domain_id` int(11) NOT NULL, `password` varchar(106) NOT NULL, `email` varchar(100) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `email` (`email`), FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Создаем таблицу алиасов. Она позволит форвардить письма с одного адреса на другой.
CREATE TABLE `virtual_aliases` ( `id` int(11) NOT NULL auto_increment, `domain_id` int(11) NOT NULL, `source` varchar(100) NOT NULL, `destination` varchar(100) NOT NULL, PRIMARY KEY (`id`), FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
Все. Необходимые таблицы MySQL созданы.
Добавляем данные в таблицы:
Домены нужно поменять на актуальные.
INSERT INTO `mailserver`.`virtual_domains` (`id` ,`name`) VALUES ('1', 'example.com'), ('2', 'hostname.example.com'), ('3', 'hostname'), ('4', 'localhost.example.com');
Добавляем пользователей. Адреса и пароли нужно поменять на актуальные.
INSERT INTO `mailserver`.`virtual_users` (`id`, `domain_id`, `password` , `email`) VALUES ('1', '1', ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email1@example.com'), ('2', '1', ENCRYPT('secondpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email2@example.com');
И для примера довавляем хоть одну переадресацию.
INSERT INTO `mailserver`.`virtual_aliases` (`id`, `domain_id`, `source`, `destination`) VALUES ('1', '1', 'alias@example.com', 'email1@example.com');
Все. Проверяем.
SELECT * FROM mailserver.virtual_domains;
+----+-----------------------+ | id | name | +----+-----------------------+ | 1 | example.com | | 2 | hostname.example.com | | 3 | hostname | | 4 | localhost.example.com | +----+-----------------------+ 4 rows in set (0.00 sec)
SELECT * FROM mailserver.virtual_users;
+----+-----------+-------------------------------------+--------------------+ | id | domain_id | password | email | +----+-----------+-------------------------------------+--------------------+ | 1 | 1 | $6$574ef443973a5529c20616ab7c6828f7 | email1@example.com | | 2 | 1 | $6$030fa94bcfc6554023a9aad90a8c9ca1 | email2@example.com | +----+-----------+-------------------------------------+--------------------+ 2 rows in set (0.01 sec)
SELECT * FROM mailserver.virtual_aliases;
+----+-----------+-------------------+--------------------+ | id | domain_id | source | destination | +----+-----------+-------------------+--------------------+ | 1 | 1 | alias@example.com | email1@example.com | +----+-----------+-------------------+--------------------+ 1 row in set (0.00 sec)
exit
Настраиваем Postfix:
cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
nano /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = hostname.example.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = example.com, hostname.example.com, localhost.example.com, localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all
# TLS parameters #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key #smtpd_use_tls=yes #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem smtpd_tls_key_file=/etc/ssl/private/dovecot.pem smtpd_use_tls=yes smtpd_tls_auth_only = yes
#Enabling SMTP for authenticated users, and handing off authentication to Dovecot smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
#mydestination = example.com, hostname.example.com, localhost.example.com, localhost mydestination = localhost
#Handing off local delivery to Dovecot's LMTP, and telling it where to store mail virtual_transport = lmtp:unix:private/dovecot-lmtp
#Virtual domains, users, and aliases virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version # Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no # appending .domain is the MUA's job. append_dot_mydomain = no # Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h readme_directory = no # TLS parameters #smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem #smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key #smtpd_use_tls=yes #smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache #smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_tls_cert_file=/etc/ssl/certs/dovecot.pem smtpd_tls_key_file=/etc/ssl/private/dovecot.pem smtpd_use_tls=yes smtpd_tls_auth_only = yes #Enabling SMTP for authenticated users, and handing off authentication to Dovecot smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client. myhostname = host.example.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname #mydestination = example.com, hostname.example.com, localhost.example.com, localhost mydestination = localhost relayhost = mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all #Handing off local delivery to Dovecot's LMTP, and telling it where to store mail virtual_transport = lmtp:unix:private/dovecot-lmtp #Virtual domains, users, and aliases virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
nano /etc/postfix/mysql-virtual-mailbox-domains.cf
user = mailuser password = mailuserpass hosts = 127.0.0.1 dbname = mailserver query = SELECT 1 FROM virtual_domains WHERE name='%s'
service postfix restart
postmap -q example.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
nano /etc/postfix/mysql-virtual-mailbox-maps.cf
user = mailuser password = mailuserpass hosts = 127.0.0.1 dbname = mailserver query = SELECT 1 FROM virtual_users WHERE email='%s'
service postfix restart
postmap -q email1@example.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
nano /etc/postfix/mysql-virtual-alias-maps.cf
user = mailuser password = mailuserpass hosts = 127.0.0.1 dbname = mailserver query = SELECT destination FROM virtual_aliases WHERE source='%s'
service postfix restart
postmap -q alias@example.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
Должно вернуть адрес НА который переадресуется почта.
С Postfix все.
Настраиваем Dovecot, который позволяет пользователям логинится и проверять/получать почту по протоколам POP3 и IMAP. Порт SSL — 993 для IMAP и 995 для POP3.
cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig cp /etc/dovecot/conf.d/10-mail.conf /etc/dovecot/conf.d/10-mail.conf.orig cp /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-auth.conf.orig cp /etc/dovecot/dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext.orig cp /etc/dovecot/conf.d/10-master.conf /etc/dovecot/conf.d/10-master.conf.orig cp /etc/dovecot/conf.d/10-ssl.conf /etc/dovecot/conf.d/10-ssl.conf.orig
nano /etc/dovecot/dovecot.conf
File excerpt:/etc/dovecot/dovecot.conf
!include conf.d/*.conf
# Enable installed protocols !include_try /usr/share/dovecot/protocols.d/*.protocol protocols = imap pop3 lmtp
nano /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
ls -ld /var/mail
drwxrwsr-x 2 root mail 4096 Mar 6 15:08 /var/mail
mkdir -p /var/mail/vhosts/example.com
groupadd -g 5000 vmail useradd -g vmail -u 5000 vmail -d /var/mail
chown -R vmail:vmail /var/mail
nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_mechanisms = plain login
#!include auth-system.conf.ext
#!include auth-system.conf.ext !include auth-sql.conf.ext #!include auth-ldap.conf.ext #!include auth-passwdfile.conf.ext #!include auth-checkpassword.conf.ext #!include auth-vpopmail.conf.ext #!include auth-static.conf.ext
nano /etc/dovecot/conf.d/auth-sql.conf.ext
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } userdb { driver = static args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n }
nano /etc/dovecot/dovecot-sql.conf.ext
driver = mysql
connect = host=127.0.0.1 dbname=mailserver user=mailuser password=mailuserpass
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';
Здесь именем пользователя является email. Чтобы использовать имя пользователя как ИМЯ, нужно
password_query = SELECT email as user, password FROM virtual_users WHERE email=(SELECT destination FROM virtual_aliases WHERE source = '%u');
chown -R vmail:dovecot /etc/dovecot
chmod -R o-rwx /etc/dovecot
nano /etc/dovecot/conf.d/10-master.conf
service imap-login { inet_listener imap { port = 0 } ... } service pop3-login { inet_listener pop3 { port = 0 } ... }
service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } # Create inet listener only if you can't use the above UNIX socket #inet_listener lmtp { # Avoid making LMTP visible for the entire internet #address = #port = #} }
service auth { # auth_socket_path points to this userdb socket by default. It's typically # used by dovecot-lda, doveadm, possibly imap process, etc. Its default # permissions make it readable only by root, but you may need to relax these # permissions. Users that have access to this socket are able to get a list # of all usernames and get results of everyone's userdb lookups. unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } unix_listener auth-userdb { mode = 0600 user = vmail #group = } # Postfix smtp-auth #unix_listener /var/spool/postfix/private/auth { # mode = 0666 #} # Auth process is run as this user. user = dovecot }
service auth-worker { # Auth worker process is run as root by default, so that it can access # /etc/shadow. If this isn't necessary, the user should be changed to # $default_internal_user. user = vmail }
ls /etc/ssl/certs/dovecot.pem ls /etc/ssl/private/dovecot.pem
nano /etc/dovecot/conf.d/10-ssl.conf
ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem
ssl = required
service dovecot restart
Для отправки комментария вам необходимо авторизоваться.
Один комментарий: Почтовый сервер Postfix, Dovecot и MySQL