【Debian】Postfix+Dovecot+sasl 实现SMTPS+IMAPS

2021-08-30 09:36:18

1.配置postfix

#安装postfix，弹出dpkg配置，选择Internet Site，输入MX记录中的域名

root@Server02:~#  apt-get install postfix

#编辑配置文件，修改tls中的证书私钥信息，开启sasl认证登录

root@Server02:/etc/postfix#  vim main.cf
# TLS parameters
smtpd_sasl_auth_enable=yes
smtpd_tls_cert_file=/CA/cacert.pem
smtpd_tls_key_file=/CA/key.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database  = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database  = btree:${data_directory}/smtp_scache
 
smtpd_relay_restrictions  = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname =  Server02.sdskills.org
alias_maps =  hash:/etc/aliases
alias_database =  hash:/etc/aliases
myorigin =  /etc/mailname
mydestination =  $myhostname, sdskills.org, Server02.sdskills.org, localhost.sdskills.org,  localhost
relayhost =
mynetworks =  0.0.0.0/0 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit  = 0
recipient_delimiter  = +
inet_interfaces =  all
inet_protocols =  all

#编辑master.cf配置文件，开启smtps的注释，开启chroot

root@Server02:/etc/postfix#  vim master.cf
smtp      inet   n       -       n       -        -       smtpd
smtps     inet   n       -       n       -        -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

#进入sasl文件夹，新建smtpd.conf文件，开启密码认证方式为saslauthd服务

root@Server02:/etc/postfix/sasl#  vim smtpd.conf
pwcheck_method:  saslauthd
#mech_list:PLAIN LOGIN
#saslauthd_path:/var/run/saslauthd/mux

2.dovecot服务配置

#安装dovecot核心服务，imapd组件

root@Server02:~#  apt-get install dovecot-core
root@Server02:~#  apt-get install dovecot-imapd

#进入服务目录conf.d下，修改如下配置

//开启明文传输

root@Server02:/etc/dovecot/conf.d#  vim 10-auth.conf
disable_plaintext_auth  = no

//修改SSL信息

root@Server02:/etc/dovecot/conf.d#  vim 10-ssl.conf
ssl = yes
ssl_cert =  </CA/cacert.pem
ssl_key =  </CA/key.pem

//修改注释开启imaps端口监听

root@Server02:/etc/dovecot/conf.d#  vim 10-master.conf
service imap-login  {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }

3.saslauthd服务配置

#安装sasl软件包

root@Server02:~#  apt-get install sasl2-bin

#编辑默认配置，开启sasl认证服务

root@Server02:/etc/default#  vim saslauthd
START=yes

#将postfix加入sasl组！！！

root@Server02:~# usermod -G sasl postfix

4.其他

#批量创建99个用户，创建邮箱目录

root@Server02:/home#  for i in `seq 99`
> do
> useradd -m  user$i
> mkdir -p  /home/user$i/mail/.imap/INBOX
> chown -R  user$i:user$i /home/user$i
> echo  user$i:Chinaskill20! >> passfile
> done
root@Server02:/home#  pwunconv
root@Server02:/home#  chpasswd < passfile
root@Server02:/home#  pwconv

全部配置完成后重启各服务

root@Server02:~#  systemctl restart postfix dovecot saslauthd

thunder验证

输入用户信息登录到邮件服务

确认证书信任

发送邮件

用户收到邮件

服务测试通过

码农公寓

1.配置postfix

2.dovecot服务配置

3.saslauthd服务配置

4.其他

thunder验证

相关文章