postfix邮件服务器搭建

一、系统环境要求

操作系统：centos 7 X64

二、关闭sendmail

1、/bin/systemctl stop  sendmail.service

2、chkconfig sendmail off（关闭开机自启动）

三、安装postfix、dovecot

yum -y install postfix dovecot

四、修改/etc/postfix/main.cf内如如下：

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/libexec/postfix

data_directory = /var/lib/postfix

mail_owner = postfix

myhostname = mail.shushujia.net

mydomain = shushujia.net

myorigin = $mydomain

inet_interfaces = all

inet_protocols = all

mydestination = shushujia.net

unknown_local_recipient_reject_code = 550

relay_domains = shushujia.net

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

home_mailbox = Maildir/

mail_spool_directory = /var/spool/mail

debug_peer_level = 2

debugger_command =

     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

     ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix

newaliases_path = /usr/bin/newaliases.postfix

mailq_path = /usr/bin/mailq.postfix

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /usr/share/doc/postfix-2.10.1/samples

readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES

smtpd_sasl_auth_enable = yes

smtpd_sasl_local_domain = ''

smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

broken_sasl_auth_clients = yes

smtpd_client_restrictions = permit_sasl_authenticated

smtpd_sasl_security_options = noanonymous

mynetworks = 114.215.137.209,127.0.0.0/8 #填写主机外网IP地址

五、修改dovecot配置文件如下：

1、/etc/dovecot/dovecot.conf

    protocols = imap pop3 lmtp

    listen = *

    base_dir = /var/run/dovecot/

    login_trusted_networks = 0.0.0.0/0

    log_path = /var/log/dovecot.log

    dict {

    }

    !include conf.d/*.conf

    !include_try local.conf

2、/etc/dovecot/conf.d/10-mail.conf

    mail_location = maildir:~/Maildir

    mbox_write_locks = fcntl

    namespace inbox {

      inbox = yes

    }

    mbox_write_locks = fcntl

六、修改/etc/pam.d/dovecot，支持系统用户认证

#%PAM-1.0

auth       required     pam_nologin.so

auth       include      password-auth

account    include      password-auth

session    include      password-auth

auth  include  system-auth

account  include  system-auth

session  include  system-auth

七，修改/etc/sysconfig/saslauthd如下：

SOCKETDIR=/run/saslauthd

MECH=shadow

FLAGS=

八、启动postfix，dovecot，saslauthd

/bin/systemctl start  postfix.service

/bin/systemctl start  dovecot.service

/bin/systemctl start  saslauthd.service

九、防火墙开放端口110，25，143

iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT

十、创建邮箱用户

由于用户服务器支持认证系统用户，因此直接创建系统用户即可

创建用户：useradd username –s /sbin/nologin（禁用远程登录权限）

用户授权：echo"password" | passwd--stdin username

十一、域名邮件记录解析

登录域名提供商网站，添加域名MX记录、A记录、TXT记录