Dashboard » Technical Community » Case Sharing » Content

Set up your own private email server

2021-11-13

0. introduction to the messaging system

MAIL SYSTEM ROLES: MUA (MAIL USER AGENT), MTA (MAIL TRANSPORT AGENT), MDA (MAIL DISTRIBUTION AGENT)

MTA: Commonly referred to as mail server software, it is responsible for receiving mail sent by client software and transmitting mail to other MTA programs, which is a core part of the e-mail system. For example, Exchange, Postfix are MTA software

MUA: Commonly referred to as mail client software, it provides users with an interface for sending, receiving, and managing e-mail messages. For example, Outlook, Outlook Express, Foxmail, etc

MDA: Responsible for distributing messages to the user's mailbox directory in the server (by default/var/spool/mail/user), which is not intended directly to mail users, but works silently in the background. Sometimes the functionality of MDA can be integrated directly into MTA software and is often overlooked.

Rhel5 defaults to sendmail as MTA, rhel6 uses postfix, installs postfix and dovecot software package, yum installs;

CONFIGURE THE DNS SERVER TO CREATE A AND MX RECORDS FOR THE MAIL SERVER IN THE FORWARD ZONE DATA FILE

1. postfix installation configuration

the postfix is already installed by default, so you only need to install dovecot. here's what it looks like:

profile of the postfix service: /etc/postfix/main.cf

the postfix system provides postconf tools that can be used to assist with configuration

perform postconf to see the current active configuration, such as postconf "inet_interfaces"

perform postconf -n to see the non-default configuration

perform postconf -d to see the default configuration

perform postconf -e and modify custom settings such as postconf -e "inet_interfaces s all"

#postconf -n > main2.cf

#mv main.cf main.cf.bak

#mv main2.cf main.cf

modify the configuration associated with the postfix main profile as follows: add or modify the configuration in the red section of the following image

argument interpretation:

inet_interfaces all // set the IP address of postfix service listening, set to all means listening to all IP
mydomain -http://renet.com // set the mail domain name used by the postfix server
myhostname s mail.peixun.wlmq // set the host name used by the postfix server
myorigin is the domain name of the message in the sender's address when $myhostname //outgoing message, indicating the domain name of the sender
mydestination s $myhostname, $mydomain // allow delivery to the local mail domain name, the host name or domain name that can receive the message, that is, which domain name your postfix system is going to receive the message
Mynetworks // Set which network messages can be forwarded, and the postfix system distinguishes whether users are remote or local based on their values, and these addresses and networks can forward messages anywhere through this MTA without further authentication
Relayhost //smarthost forwards all outbound messages that pass through. Usually specified in square brackets to avoid MX record lookups
local_transport // How messages with a receiving address of $mydesting insanity are sent. By default, it is set to local:$myhostname (use local MDA to send incoming messages to the local mail storage location in/var/spool/mail)
home_mailbox s Maildir///Setting the location and format of mail storage, postfix supports the 2 most common ways to store your mailbox (automatically using Maildir storage when the last character of the specified storage location is "/")
Mailbox// Stores all message content from the same user in the same file, such as "/var/spool/mail/username", which is older and less efficient to query and manage when the number of messages is high
Maildir // Use the directory structure to store the user's message content, each user corresponding to a folder, each message as a separate file to save, such as /home/username/Maildir/*, this way access speed and efficiency is better, and for mail content management is more convenient

restart the postfix service

#service postfix restart

#chkconfig postfix on

create a mail account, as shown in the following image:

test e-mail:

verify that the recipient, zhangsan, received the message:

2. modify the dovecot master profile

vi /etc/dovecot/dovecot.conf
the !include.d/.conf//the configuration item states that the file at the end of the conf is valid under conff.d, note the front "!" number
protocols = imap pop3 lmtp
login_trusted_networks s 192.168.0.0/24 //specify the segment address that is allowed to log on

set up the /etc/dovecot/conf.d/10-mail.conf profile

as shown below, the comments at the tick of the following image are removed

after setting the mail_location value, the dovecot service needs to be restarted.

#service dovecot restart

#chkconfig dovecot on

test receiving messages:

you can use the mailq command or postqueue -p command to display a list of all outgoing messages that have been queued, and to try to send all queued messages again immediately, you can run the postfix flush command or postqueue -f command;

3, set the mail user's alias and mass mail list

the following configuration items exist in the /etc/postfix/main.cf file (which exists by default, just confirm)

modify the /etc/aliases alias file to add the relevant settings, as shown in the figure:

aliases alias file explains:

the first line of zhang is an alias for the user of the san message: admin;
the second line is to create a mass mailing list called tech, which contains two mail accounts, lisi and zhangsan

perform a postalias or newaliases command to update the alias file.

#postalias /etc/alias or snaliases

finally restart the postfix service

4. the configuration of the virtual alias domain

using a virtual alias domain, you can actually post messages sent to a virtual domain to a user's mailbox in the real domain, and you can implement group mailing, which specifies a virtual mail address that anyone sends to that email address, which is automatically forwarded by the mail server to a group of users' mailboxes in the real domain.

the actual virtual domain is an alias of the real domain, and the redirection of the mail address of the virtual domain to the mail address of the real domain is implemented through a virtual alias table, virtual

edit postfix master profile/etc/postfix/main.cf and add the following definition, as shown in the following image:

argument interpretation:

the first line specifies the name of the virtual alias domain;

the second line specifies the file path that contains the virtual alias domain definition.

edit the profile/etc/postfix/virtual as follows:

argument interpretation:

the first line means that the message sent to the virtual domainhttp://accp.comis actually delivered to the real localdomain, the http://renet.com
the second line means that messages sent to virtual domain mailboxes [email protected] are posted to the mailbox of the mail user zhangsan
the third line parameter is that messages sent to virtual domain mailboxes [email protected] are posted to lisi and zhangsan mailboxes

after modifying the profile main.cf and virtual. for the changes to take effect immediately, postmap and postfix services should be restarted, respectively

#postmap /etc/postfix/virtual

#service postfix restart

5, webmail mail interface (squirrel mail)

Webmail refers to the web interface provided to mail users to send and receive mail, through access to the web interface provided by the mail system, and mail client software can achieve similar mail management functions.

1) install http and php-related packages and start the http service

#yum -y install httpd

#yum -y install php-*

#service httpd start

#chkconfig httpd on

NOTE: MAKE SURE THAT THE FOLLOWING TWO PACKAGES ARE INSTALLED, OTHERWISE THE USER CANNOT LOG ON TO THE MAILBOX VIA WEB

2) release and configure the squirrelmail program suite

copy the squirrelmailer suite and chinese language pack to the mail server locally (e.g./root directory),

Start by unziping SquirelMail to the web server's web document root (default is /var/www/html) and changing the name

# tar jxvf squirrelmail-1.4.13.tar.bz2 -C /var/www/html

# cd /var/www/html

# mv squirrelmail-1.4.13 webmail

# cd webmail

Then unzip the release Chinese language pack in SquirrelMail's web file directory

# tar jxvf ~/zh_CN-1.4.13-20071220.tar.bz2

create and adjust data catalogs, attachment catalogs

# mkdir -p attach data

# chown -R apache:apache attach/ data/

# chmod 730 attach/

establish and adjust the config .php profile

# cp config/config_default.php config/config.php

# vi config/config.php

copy the build profile from the sample file and adjust the parameters as needed (only a few parameters need to be changed)

$squirrelmail_default_language = ‘zh_CN’; The default language

$default_charset= ‘zh_CN. UTF-8’; The default character set

$domain = ‘http://renet.com’; the message domain name

$smtpServerAddress =‘127.0.0.1’; Set the sending server address

$smtpPort = 25; SMTP server port

$imap_server_type = ‘dovecot’; Set the type of IMAP receiving server

$imapPort = 143; IMAP service port

$data_dir= ‘/var/www/html/webmail/data/’; the location of the data directory

$attachment_dir = ‘/var/www/html/webmail/attach/’; the location of the attachment directory

3) sign in to the squirrelmail system in your browser

on httpd_can_sendmail boolean value is on

visit

http://web server IP or FQDN/webmail

6、设备SMTP的用户认证

WHEN A USER SENDS A MESSAGE TO AN EXTERNAL MAIL DOMAIN THROUGH THE SMTP PROTOCOL, THE SERVER REQUIRES THE USER TO PROVIDE A USER ACCOUNT NUMBER AND PASSWORD FOR AUTHENTICATION, AND ONLY THE SUCCESSFUL AUTHENTICATED USER IS ALLOWED TO SEND MAIL EXTERNALLY, OTHERWISE THE SENDING REQUEST WILL BE DENIED

At present, the more commonly used SMTP authentication mechanism is implemented through the Cyrus SASL package, the biggest function of Cyrus SASL is to provide a library of authentication functions for applications. Applications can define authentication methods through the functionality provided by the library and allow SASL to provide authentication capabilities by communicating with mail server hosts.

1) Check if the RPM package related to cyrus is installed in the system:

2) verify

use the following command to verify that postfix supports cyrus-style sasl certification, and if your output is the following results, it is supported;

By default, Cyrus SASL uses saslauthd as a daemon for password authentication, which can be done in a variety of ways, using the following commands to view the password authentication mechanism supported by Cyrus SASL in the current system

here is ready to use the shadow authentication method, that is, directly with the /etc/shadow file user account and password authentication, so in the profile /etc/sysconfig/saslauthd, should determine that the current system used password verification mechanism is shadow, as shown below:

3) start the saslauthd service and test the authentication function

#service saslauthd start

#chkconfig saslauthd on

then test the saslauthd process authentication function with the following command, as shown in the following image:

where lisi is the user account name in the linux system, '123456' is the user lisi password

4) Set postfix to enable SMTP authentication

Add a settings section on SMTP certification to the main.cf file, as shown in the following image:

restart the postfix service

5) TEST SMTP LETTER CERTIFICATION

obtain an encrypted string of lisi's username and password with the following commands:

使用telnet命令进行发信认证：

As long as the mail server can resolve the Internet domain name through DNS, it can send mail to other mail systems on the Internet, and other mail systems on the Internet can resolve the MX records of the messaging system to receive INTERNET mail.

7, mail filtering function configuration

1) MESSAGE FILTERING BASED ON HOST NAME/IP ADDRESS

Using smtpd_client_restrictions configuration parameters, you can set restrictions check_client_access point to a query table file with IP address, network address, host name, domain name.

modify the /etc/postfix/main.cf profile and add the following configuration items:

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access

modify the /etc/postfix/access file, add an access control policy, and reject messages sent by hosts in the 192.168.1.0/24 segment, 192.168.0.11 host, and http://bbc.com domain, as shown in the following image

use the postmap command to convert the access file to the hash database file .db

REJECT: REJECT AND RETURN THE LETTER

DISCARD: DISCARD (REJECT AND DO NOT RETURN INFORMATION)

OK: ALLOWED

RELAY: FORWARD

restart the postfix service for the modification to take effect

Test: The telnet postfix server IP 25 is tested by mail on the 192.168.0.11 host, as shown below:

2) filter messages based on the sender's address

using smtpd_sender_restrictions configuration parameters, by setting restrictions check_sender_access point to a query table file with the sender's full email address and domain name.

modify the /etc/postfix/main.cf profile and add the following configuration items:

smtpd_sender_restrictions =check_sender_access hash:/etc/postfix/access

modify the/etc/postfix/access file, add an access control policy, and reject messages sent [email protected] email addresses, market users in any domain, and any users from http://qq.com domains

as shown in the following image

use the postmap command to convert the access file to the hash database file .db

restart the postfix service for the modification to take effect

simulate the [email protected] on one client

send an e-mail, as shown in the following image:

3) filter messages according to the recipient's address

using smtpd_recipient_restrictions configuration parameters, by setting restrictions check_recipient_access point to a query table file with the recipient's email address.

modify the /etc/postfix/main.cf profile and add the following configuration items:

permit_mynetworks // allow messages from this messaging system
permit_sasl_authenticated // allow sasl certified users as senders
Reject_unauth_destination //recipient address domain is denied when it is not included in the Postfix authorized network
Rejected when reject_non_fqdn_recipient //recipient address domain is not a legitimate FQDN
reject reject_unknown_recipient_domain when the //recipient address domain is unknown or does not exist

修改/etc/postfix/access文件,添加访问控制策略，拒绝[email protected]用户接收邮件，如下图所示