1. Install maddy, set up the mail server, and configure DNS

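First, download the executable archive maddy-<version>-x86_64-linux-musl.tar.zst from GitHub or the official site.
Extract the archive and enter the directory. Move the maddy executable to /usr/local/bin/ and the files in the systemd directory to /etc/systemd/system.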

mkdir ~/tmp
cd ~/tmp
wget https://maddy.email/builds/0.7.0/maddy-0.7.0-x86_64-linux-musl.tar.zst
apt install zstd
tar -I zstd -xvf maddy-0.7.0-x86_64-linux-musl.tar.zst
cd maddy-0.7.0-x86_64-linux-musl
mv maddy /usr/local/bin
mv systemd/* /etc/systemd/system

Create the directory that will hold the certificates

mkdir -p /etc/maddy/certs

Edit maddy.conf and change the following two lines to your own domain.

nano maddy.conf

$(hostname) = mx1.abc.com
This can also be written as mx.abc.com or mail.abc.com, whichever you prefer
$(primary_domain) = abc.com
Set this to the domain suffix you want for your mail addresses
tls file /etc/maddy/certs/$(hostname)/fullchain.cer /etc/maddy/certs/$(hostname)/abc.com.key
Change these to the paths of your certificate and private key

Create the directory /etc/maddy/ (it already exists if you created the certs directory above) and move maddy.conf into it

mkdir -p /etc/maddy
mv maddy.conf /etc/maddy/

Add the maddy user

useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy

Reload the service manager

systemctl daemon-reload

Start the service

systemctl start maddy

Create a user and allocate its mail storage.

maddy creds create acb@abc.com
maddy imap-acct create acb@abc.com

Get the domainkey (DKIM record) generated by this server

cat /var/lib/maddy/dkim_keys/abc.com_default.dns

default._domainkey

Configure DNS

Name    Type    TTL    Value
@    A    10800    123.123.123.123
@    MX    10800    10 mail.abc.com.
@    TXT    10800    v=spf1 ip4:123.123.123.123 ~all
_dmarc    TXT    10800    v=DMARC1; p=quarantine; ruf=mailto:abc@abc.com
_imap._tcp    SRV    10800    0 0 0 .
_imaps._tcp    SRV    10800    0 1 993 mail.abc.com.
_mta-sts    TXT    10800    v=STSv1; id=1
_pop3._tcp    SRV    10800    0 0 0 .
_pop3s._tcp    SRV    10800    10 1 995 mail.abc.com.
_smtp._tls    TXT    10800    v=TLSRPTv1;rua=mailto:abc@abc.com
_submission._tcp    SRV    10800    0 1 465 mail.abc.com.
default._domainkey    TXT    10800    v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9kk2ZVDBF+IJdVqDUt67gOsQIDAQAB
imap    A    10800    123.123.123.123
mail    A    600    123.123.123.123
mail    SPF    10800    v=spf1 include:mail.abc.com include:abc.com ip4:123.123.123.123 ~all
mta-sts    A    10800    123.123.123.123
pop    A    10800    123.123.123.123
smtp    A    10800    123.123.123.123
spf1    TXT    10800    v=spf1 include:mail.abc.com include:abc.com ip4:123.123.123.123 ~all
www    A    10800    123.123.123.123
www    TXT    10800    v=spf1 ip4:123.123.123.123 ~all

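MTA-STS (RFC 8461) is a protection against man-in-the-middle attacks. Its DNS record was already created in the previous step.
Next, we need a web server that returns a short piece of text.
When https://mta-sts.abc.com/.well-known/mta-sts.txt is requested, it should return the following: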

version: STSv1
mode: enforce
mx: mx1.abc.com
max_age: 604800

With Nginx, you can also return this text directly by adding a server block inside the http block of the Nginx configuration:

nano /etc/nginx/sites-available/mta-sts


server {
    server_name mta-sts.abc.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;  # TLSv1.1 dropped: deprecated by RFC 8996
    ssl_certificate /etc/maddy/certs/mail.abc.com/fullchain.cer;
    ssl_certificate_key /etc/maddy/certs/mail.abc.com/abc.com.key;
    location = /.well-known/mta-sts.txt {
        default_type text/plain;
        return 200 "version: STSv1\r\nmode: enforce\r\nmx: mx1.abc.com\r\nmax_age: 604800\r\n";
    }
}

Create the nginx symlink to enable the site

ln -s /etc/nginx/sites-available/mta-sts /etc/nginx/sites-enabled/mta-sts
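
The MTA-STS policy above only helps if every host in the domain's MX records matches one of its mx: lines, so the following added example (written for this edit, not part of the original post or of maddy) parses the policy text and lists the MX hosts it does not cover, using the matching rules of RFC 8461. The function names are illustrative, and the sample input is constructed from this page's own values: the DNS table's MX target mail.abc.com and the policy's mx1.abc.com, for which the check reports a mismatch.

```python
# Added example (not from the original post): offline MTA-STS policy check per RFC 8461.
MAX_AGE_LIMIT = 31557600  # RFC 8461 upper bound for max_age, in seconds

def parse_policy(text):
    """Parse mta-sts.txt into a dict; 'mx' becomes a list. Raises ValueError if invalid."""
    policy = {"mx": []}
    for line in text.splitlines():          # accepts both CRLF and LF line endings
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("version must be STSv1")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("mode must be enforce, testing or none")
    age = policy.get("max_age", "")
    if not (age.isascii() and age.isdigit()) or int(age) > MAX_AGE_LIMIT:
        raise ValueError("max_age must be an integer from 0 to 31557600")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("at least one mx entry is required")
    return policy

def mx_allowed(host, patterns):
    """True if host matches an mx pattern; '*.' stands for exactly one left-most label."""
    host = host.lower().rstrip(".")
    for pat in patterns:
        if pat.startswith("*."):
            label, _, rest = host.partition(".")
            if label and rest == pat[2:]:
                return True
        elif host == pat:
            return True
    return False

def uncovered_mx(policy_text, mx_hosts):
    """Return the MX hosts that a sender enforcing this policy would refuse to use."""
    policy = parse_policy(policy_text)
    return [h for h in mx_hosts if not mx_allowed(h, policy["mx"])]

# Constructed input: policy body and MX target copied from this page's examples.
POLICY = "version: STSv1\r\nmode: enforce\r\nmx: mx1.abc.com\r\nmax_age: 604800\r\n"
if __name__ == "__main__":
    print(uncovered_mx(POLICY, ["mail.abc.com."]))
```

Any host this returns should either be added as an mx: line in mta-sts.txt or the MX record should be changed to the host the policy names; when the policy changes, the id value in the _mta-sts TXT record must change as well so that senders refetch it.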

2. Install RainLoop and set up the webmail service

Create the directory, download and extract RainLoop, and set the directory permissions

mkdir -p /var/www/rainloop
cd /var/www/rainloop
wget https://www.rainloop.net/repository/webmail/rainloop-latest.zip
apt install unzip
unzip rainloop-latest.zip
rm rainloop-latest.zip
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;

Install the PHP-FPM components and configure them (set the two values below in php.ini)

apt install nginx php-fpm php8.2-curl php8.2-xml
nano /etc/php/8.2/fpm/php.ini
upload_max_filesize = 30M  
post_max_size = 35M

Change the directory permissions and ownership

chmod -R 775 /var/www/
chown -R www-data:www-data /var/www/rainloop/

Create the nginx configuration file for RainLoop

nano /etc/nginx/sites-available/rainloop_ssl

The contents of the configuration file are as follows

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name webmail.abc.com;

    ssl_certificate /etc/maddy/certs/mail.abc.com/fullchain.cer;
    ssl_certificate_key /etc/maddy/certs/mail.abc.com/abc.com.key;

    index index.html index.php;
    root /var/www/rainloop;
    client_max_body_size 2G;

    error_log /var/log/nginx/rainloop.error.log;
    access_log /var/log/nginx/rainloop.access.log;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ^~/data {
        deny all;
    }

    location ~ \.php$ {
#       fastcgi_pass php-handler-https;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Create the RainLoop symlink to enable the site

ln -s /etc/nginx/sites-available/rainloop_ssl /etc/nginx/sites-enabled/rainloop_ssl

Test the configuration

nginx -t

Apply the configuration

systemctl reload nginx

View the PHP information
https://webmail.abc.com/?/Info

Test the mail server
https://www.mail-tester.com/

You can now send and receive mail with a mail client such as Thunderbird.
IMAP server: mx1.abc.com:143
SMTP server: mx1.abc.com:587
Connection security: STARTTLS
