欢迎光临.
在自主服务器上安装maddy邮件服务器,用于接收邮件
创建:
2024-06-19 14:33
更新:
2024-06-25 09:58
访问:
469
主词:
搭建安装邮件服务器
描述:
自己搭建邮件服务器,可以使用自己的服务器接收邮件,但不能发送,因为一般服务端云服务器都是封了25端口的,即由服务器访问其它服务器的25端口是不通的,但是可以在未封25端口的服务器上访问本服务器上的25端口,前提是正确配置防火墙。
准备域名
在阿里云或腾讯云上直接购买一个
准备服务器
在阿里云或腾讯云上直接购买一个
准备环境
1.安装docker或者containerd
2.安装docker-compose或者替代品nerdctl compose
3.最近dokerhub用不了,可以从阿里镜像库接取镜像
4.开放25,465,587,993,143端口用于收发邮件,当然对外25端口封a了,不能用于发送邮件。
准备dockerfile文件
services:
maddyEmail:
image: foxcpp/maddy:0.6
restart: always
environment:
- "MADDY_HOSTNAME=mx1.your.com"
- "MADDY_DOMAIN=your.com"
ports:
- "25:25"
- "465:465"
- "587:587"
- "993:993"
- "143:143"
volumes:
- $PWD/data:/data # 当前data文件夹在挂载的data文件夹中准备配置文件 maddy.conf
## Maddy Mail Server - default configuration file (2022-06-18)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddy subcommands.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
# ----------------------------------------------------------------------------
# Base variables
# 修改以下域名为你自己的域名 一个邮件域名 一个主域名
$(hostname) = mx1.you.com
$(primary_domain) = you.top
$(local_domains) = $(primary_domain)
# 修改为你自己申请的ssl证书,可以使用openssl泛域名三个月时长,到时可以重新申请,要与域名匹配
# 注意证书密钥的文件路径
tls file /data/tls/fullchain.pem /data/tls/privkey.pem
# ----------------------------------------------------------------------------
# Local storage & authentication
# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddy creds' command.
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
dsn credentials.db
table_name passwords
}
}
# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddy.
# 数据保存使用sqlite3默认配置就好,不用动
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
# ----------------------------------------------------------------------------
# SMTP endpoints + message routing
hostname $(hostname)
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
optional_step static {
entry postmaster postmaster@$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
# Insert handling for special-purpose local domains here.
# e.g.
# destination lists.example.org {
# deliver_to lmtp tcp://127.0.0.1:8024
# }
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections.
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
limits {
# Up to 50 msgs/sec across any amount of SMTP connections.
all rate 50 1s
}
auth &local_authdb
source $(local_domains) {
check {
authorize_sender {
prepare_email &local_rewrites
user_to_email identity
}
}
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.remote outbound_delivery {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections
# for each recipient domain.
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level encrypted
min_mx_level none
}
}
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
# ----------------------------------------------------------------------------
# IMAP endpoints
imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
auth &local_authdb
storage &local_mailboxes
}
设置dns解析
1.设置 mx1.you.com A记录到你的ipv4地址
2.设置 you.com A记录到你的ipv4地址
3.设置 mx1.you.com TXT记录到 v=spf1 a ~all
4.设置 _dmarc.you.com TXT到 v=DMARC1; p=quarantine; ruf=mailto:me@you.com
- 基于域的消息验证
5.设置 _mta-sts.you.com TXT到 v=STSv1; id=1
- 宣称接受 TLS 连接的能力
6.设置 _smtp.tls.you.com TXT到 v=STSv1; id=1
7.设置 default._domainkey.you.com TXT 到首次启动时生成的dkim串
首次启动
首次启动是启动不起来的,因为重要的dkim未生成,首次启动时会自动生成dkim,可以在data文件夹里的dkim_keys文件夹里看到,大概以_default.key结尾的文件内容就是了。
首次启后设置dns完成再次启动就可以了
创建账号
创建地址
docker exec -it container_name maddy creds create me@you.com
创建地址存储
docker exec -it container_name maddy imap-acct create me@you.com
两步执行下来得一可用地址me@you.com,可以多创建几个,在内部进行邮件发送和接收
本文为原创内容,未经允许,不得转载
