环境
- Ubuntu 22.04 server 64bit
- nginx+php
- sqlite3
FQDN
# 更新
apt-get update
echo > /etc/hostname mail.example.com
# 注释 - update_hostname
vim /etc/cloud/cloud.cfg
# 重启
reboot
安装nginx
apt-get -y install nginx
systemctl start nginx
systemctl enable nginx
安装certbot
apt-get -y install certbot
certbot certonly --manual -d 'yinxianwei.com,*.yinxianwei.com'
# 1. 输入邮箱
# 2. Y
# 3. N
# 4. *.example.com
# 5. 配置域名解析,TXT _acme-challenge 提示字符串
# 6. 配置后等待几分钟回车
设置证书自动更新
crontab -e
@daily certbot certonly --manual -d 'yinxianwei.com,*.yinxianwei.com' && systemctl reload postfix dovecot nginx
查看日志
less /var/log/letsencrypt/letsencrypt.log
安装php
apt-get -y install php-imap php-mbstring php-fpm php-sqlite3
systemctl enable php8.1-fpm
安装postfix
apt-get -y install postfix postfix-sqlite
systemctl start postfix
systemctl enable postfix
vim /etc/postfix/master.cf
# master.cf
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
vim /etc/postfix/main.cf
# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_tls_security_level=may
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level=may
smtp_tls_loglevel = 1
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
#Enforce TLSv1.3 or TLSv1.2
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
mailbox_transport = lmtp:unix:private/dovecot-lmtp
smtputf8_enable = no
smtpd_use_tls=yes
smtpd_tls_auth_only=yes
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth
smtpd_sasl_auth_enable=yes
smtpd_sasl_security_options=noanonymous
smtpd_sender_restrictions=permit_sasl_authenticated
smtpd_recipient_restrictions=permit_mynetworks permit_sasl_authenticated permit_auth_destination reject_unauth_destination
# 查看端口
ss -lnpt | grep master
安装dovecot
apt-get -y install dovecot-core dovecot-imapd dovecot-lmtpd dovecot-sqlite
systemctl start dovecot
systemctl enable dovecot
vim /etc/dovecot/dovecot.conf
protocols = imap lmtp
!include_try /usr/share/dovecot/protocols.d/*.protocol
vim /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
mail_home = /var/vmail/mailbox/%d/%n/
namespace inbox {
separator = /
inbox = yes
}
vim /etc/dovecot/conf.d/10-master.conf
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
service lmtp {
unix_listener /var/spool/postfix/private/auth {
mode = 0600
user = postfix
group = postfix
}
}
service stats {
unix_listener stats-reader {
user = www-data
group = www-data
mode = 0660
}
unix_listener stats-writer {
user = www-data
group = www-data
mode = 0660
}
}
gpasswd -a www-data dovecot
vim /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
auth_username_format = %u
auth_mechanisms = plain login
auth_default_realm = example.com
#!include auth-system.conf.ext
!include auth-sql.conf.ext
# debug
auth_debug = yes
auth_debug_passwords = yes
vim /etc/dovecot/dovecot-sql.conf.ext
driver = sqlite
connect = /var/vmail/db/postfixadmin.db
default_pass_scheme = ARGON2I
password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
user_query = SELECT maildir, 2000 AS uid, 2000 AS gid FROM mailbox WHERE username = '%u' AND active='1'
iterate_query = SELECT username AS user FROM mailbox
vim /etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/letsencrypt/live/example.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/example.com/privkey.pem
ssl_prefer_server_ciphers = yes
ssl_min_protocol = TLSv1.2
vim /etc/ssl/openssl.cnf
#providers = provider_sect
vim /etc/dovecot/conf.d/15-mailboxes.conf
mailbox Junk {
auto = create
special_use = \Junk
}
mailbox Trash {
auto = create
special_use = \Trash
}
mailbox Sent {
auto = create
special_use = \Sent
}
添加用户
adduser vmail --system --group --uid 2000 --disabled-login --no-create-home
mkdir /var/vmail/
mkdir /var/vmail/mailbox
mkdir /var/vmail/db/
touch /var/vmail/db/postfixadmin.db
chown vmail:vmail /var/vmail/ -R
安装postfixadmin
apt install acl
cd /srv/
wget -O postfixadmin.tgz https://github.com/postfixadmin/postfixadmin/archive/postfixadmin-3.3.10.tar.gz
tar -zxvf postfixadmin.tgz
mv postfixadmin-postfixadmin-3.3.10 postfixadmin
ln -s /srv/postfixadmin /usr/share/nginx/postfixadmin
mkdir -p /srv/postfixadmin/templates_c
setfacl -R -m u:www-data:rwx /srv/postfixadmin/templates_c/
setfacl -R -m u:www-data:rx /etc/letsencrypt/live/ /etc/letsencrypt/archive/
setfacl -R -m u:www-data:rwx /var/run/dovecot/stats-reader /var/run/dovecot/stats-writer
vim /srv/postfixadmin/config.local.php
<?php
$CONF['encrypt'] = 'dovecot:ARGON2I';
$CONF['dovecotpw'] = "/usr/bin/doveadm pw -r 5";
if(@file_exists('/usr/bin/doveadm')) { // @ to silence openbase_dir stuff; see https://github.com/postfixadmin/postfixadmin/issues/171
$CONF['dovecotpw'] = "/usr/bin/doveadm pw -r 5"; # debian
}
$CONF['configured'] = true;
$CONF['database_type'] = 'sqlite';
$CONF['database_name'] = '/var/vmail/db/postfixadmin.db';
$CONF['default_language'] = 'cn';
?>
vim /etc/nginx/conf.d/postfixadmin.conf
server {
listen 80;
listen [::]:80;
server_name postfixadmin.example.com;
root /usr/share/nginx/postfixadmin/public/;
index index.php index.html;
access_log /var/log/nginx/postfixadmin_access.log;
error_log /var/log/nginx/postfixadmin_error.log;
location / {
try_files $uri $uri/ /index.php;
}
location ~ ^/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
打开 http://postfixadmin.example.com/setup.php
设置密码
vim /srv/postfixadmin/config.local.php
$CONF['setup_password'] = 'xxx';
刷新页面
vim /etc/postfix/main.cf
virtual_mailbox_domains = sqlite:/etc/postfix/sql/sqlite_virtual_domains_maps.cf
virtual_mailbox_maps = sqlite:/etc/postfix/sql/sqlite_virtual_mailbox_maps.cf
virtual_alias_maps = sqlite:/etc/postfix/sql/sqlite_virtual_alias_maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
mkdir /etc/postfix/sql/
echo -e "dbpath = /var/vmail/db/postfixadmin.db\nquery = SELECT domain FROM domain WHERE domain='%s' AND active = '1'" > /etc/postfix/sql/sqlite_virtual_domains_maps.cf
echo -e "dbpath = /var/vmail/db/postfixadmin.db\nquery = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'" > /etc/postfix/sql/sqlite_virtual_mailbox_maps.cf
echo -e "dbpath = /var/vmail/db/postfixadmin.db\nquery = SELECT goto FROM alias WHERE address='%s' AND active = '1'" > /etc/postfix/sql/sqlite_virtual_alias_maps.cf
chmod 0640 /etc/postfix/sql/*
setfacl -R -m u:postfix:rx /etc/postfix/sql/
postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost"
vim /etc/postfix/main.cf
virtual_mailbox_base = /var/vmail
virtual_minimum_uid = 2000
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000
systemctl restart postfix dovecot
安装webmail
apt install php-xml php-curl
mkdir /var/www/rainloop
wget https://www.rainloop.net/repository/webmail/rainloop-latest.zip
unzip rainloop-latest.zip -d /var/www/rainloop
cd /var/www/rainloop
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
chown -R www-data:www-data .
vim /etc/nginx/conf.d/webmail.conf
server {
listen 80;
listen [::]:80;
server_name webmail.example.com;
root /var/www/rainloop;
index index.php index.html;
access_log /var/log/nginx/webmail_access.log;
error_log /var/log/nginx/webmail_error.log;
location / {
try_files $uri $uri/ /index.php;
}
location ^~ /data {
deny all;
}
location ~ ^/(.+\.php)$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include /etc/nginx/fastcgi_params;
}
}
打开: http://webmail.example.com/index.php?admin
admin
12345
域名 - 添加域名
名字: *.example.com
IMAP: mail.example.com, SSL/TLS
SMTP: mail.example.com, SSL/TLS
勾选 使用短用户名登录
域名 - 添加别名
example.com -> *.example.com
https://support.huaweicloud.com/ecs_faq/zh-cn_topic_0050735736.html
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-22-04
https://imaginefei.com/2022/09/03/IT%E6%8A%80%E6%9C%AF/%E8%BF%90%E7%BB%B4/%E5%9F%BA%E7%A1%80%E8%AE%BE%E6%96%BD/%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E6%90%AD%E5%BB%BA%E4%B9%8BPostfix-Dovecot-Postfixadmin/
https://developer.aliyun.com/article/417606
https://www.linuxbabe.com/redhat/postfixadmin-create-virtual-mailboxes-centos-mail-server
https://www.linuxbabe.com/redhat/run-your-own-email-server-centos-postfix-smtp-server
https://github.com/postfixadmin/postfixadmin/issues/567
https://www.linuxbabe.com/mail-server/postfixadmin-ubuntu