Deploying a mail server on Debian 12 with maddy + RainLoop
1. Install maddy, set up the mail server and configure DNS
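First, download the executable archive maddy-<version>-x86_64-linux-musl.tar.zst from GitHub or the official site.
Extract the archive and change into the extracted directory. Move the maddy executable to /usr/local/bin/ and the files in the systemd directory to /etc/systemd/system.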
mkdir ~/tmp
cd ~/tmp
wget https://maddy.email/builds/0.7.0/maddy-0.7.0-x86_64-linux-musl.tar.zst
apt install zstd
tar -I zstd -xvf maddy-0.7.0-x86_64-linux-musl.tar.zst
cd maddy-0.7.0-x86_64-linux-musl
mv maddy /usr/local/bin
mv systemd/* /etc/systemd/system
Create the directory that will hold the certificates
mkdir -p /etc/maddy/certs
Edit maddy.conf and change the following two lines to your own domain.
nano maddy.conf
$(hostname) = mx1.abc.com
This can also be mx.abc.com or mail.abc.com, whichever you prefer
$(primary_domain) = abc.com
Set this to the domain you want after the @ in your mail addresses
tls file /etc/maddy/certs/$(hostname)/fullchain.cer /etc/maddy/certs/$(hostname)/abc.com.key
Change this to the paths of your certificate and private key
Make sure the directory /etc/maddy/ exists and move maddy.conf into it
mkdir -p /etc/maddy
mv maddy.conf /etc/maddy/
Add the maddy user
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
Reload the service manager
systemctl daemon-reload
Start the service
systemctl start maddy
Create a user and allocate its storage.
maddy creds create acb@abc.com
maddy imap-acct create acb@abc.com
Get the domainkey (DKIM record) generated by this server
cat /var/lib/maddy/dkim_keys/abc.com_default.dns
default._domainkey
Configure DNS
Name Type TTL Value
@ A 10800 123.123.123.123
@ MX 10800 10 mail.abc.com.
@ TXT 10800 v=spf1 ip4:123.123.123.123 ~all
_dmarc TXT 10800 v=DMARC1; p=quarantine; ruf=mailto:abc@abc.com
_imap._tcp SRV 10800 0 0 0 .
_imaps._tcp SRV 10800 0 1 993 mail.abc.com.
_mta-sts TXT 10800 v=STSv1; id=1
_pop3._tcp SRV 10800 0 0 0 .
_pop3s._tcp SRV 10800 10 1 995 mail.abc.com.
_smtp._tls TXT 10800 v=TLSRPTv1;rua=mailto:abc@abc.com
_submission._tcp SRV 10800 0 1 465 mail.abc.com.
default._domainkey TXT 10800 v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9kk2ZVDBF+IJdVqDUt67gOsQIDAQAB"
imap A 10800 123.123.123.123
mail A 600 123.123.123.123
mail SPF 10800 v=spf1 include:mail.abc.com include:abc.com ip4:123.123.123.123 ~all
mta-sts A 10800 123.123.123.123
pop A 10800 123.123.123.123
smtp A 10800 123.123.123.123
spf1 TXT 10800 v=spf1 include:mail.abc.com include:abc.com include:123.123.123.123 ~all
www A 10800 123.123.123.123
www TXT 10800 v=spf1 ip4:123.123.123.123 ~all
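MTA-STS (RFC 8461) is a safeguard against man-in-the-middle attacks on mail delivery: it tells sending servers to require TLS with a valid certificate when delivering to this domain. Its DNS record was already created in the previous step.
Next, we need a web server that returns a short piece of text.
When https://mta-sts.abc.com/.well-known/mta-sts.txt is requested, it should return the following: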
version: STSv1
mode: enforce
mx: mx1.abc.com
max_age: 604800
With Nginx, you can also return this text directly by adding a server block inside the http block of the Nginx configuration:
nano /etc/nginx/sites-available/mta-sts
server {
    server_name mta-sts.abc.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    # TLS 1.1 is deprecated (RFC 8996); allow TLS 1.2 and 1.3 only
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate /etc/maddy/certs/mail.abc.com/fullchain.cer;
    ssl_certificate_key /etc/maddy/certs/mail.abc.com/abc.com.key;
    # Serve the MTA-STS policy as plain text from the well-known path
    location = /.well-known/mta-sts.txt {
        default_type text/plain;
        return 200 "version: STSv1\r\nmode: enforce\r\nmx: mx1.abc.com\r\nmax_age: 604800\r\n";
    }
}
Create the symlink that enables the site in nginx
ln -s /etc/nginx/sites-available/mta-sts /etc/nginx/sites-enabled/mta-sts
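A consistency check for the policy above, as an added example that is not part of the original article: it parses a policy body and tests each MX hostname against the policy's mx: lines using the RFC 8461 matching rules. The function names are hypothetical and the inputs are this page's placeholder values; with them, the MX target mail.abc.com from the DNS table is reported as not covered by mx: mx1.abc.com, and under mode: enforce MTA-STS-aware senders refuse delivery until both name the same host.

```python
# Added example; POLICY and the MX names are constructed from this page's placeholders.

def parse_policy(text):
    """Parse mta-sts.txt key/value lines (RFC 8461 section 3.2)."""
    policy = {"mx": []}
    for line in filter(str.strip, text.splitlines()):   # skip blanks; CRLF or LF
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())   # mx is the only repeatable field
        else:
            policy.setdefault(key, value)        # later duplicates are ignored
    return policy

def mx_allowed(mx_host, patterns):
    """Match an MX hostname against mx patterns; '*.' covers exactly one label."""
    host = mx_host.rstrip(".").lower()
    for pattern in patterns:
        if pattern.startswith("*."):
            if host.partition(".")[2] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False

def check(policy_text, mx_hosts):
    """Return a list of problems; an empty list means policy and MX agree."""
    p = parse_policy(policy_text)
    age = p.get("max_age", "")
    problems = []
    if p.get("version") != "STSv1":
        problems.append("version must be STSv1")
    if p.get("mode") not in ("enforce", "testing", "none"):
        problems.append("mode must be enforce, testing or none")
    if not (age.isascii() and age.isdigit() and int(age) <= 31557600):
        problems.append("max_age must be an integer from 0 to 31557600")
    if p.get("mode") != "none" and not p["mx"]:
        problems.append("policy lists no mx hosts")
    problems += [f"MX {h} is not covered by any mx: line"
                 for h in mx_hosts if not mx_allowed(h, p["mx"])]
    return problems

POLICY = "version: STSv1\r\nmode: enforce\r\nmx: mx1.abc.com\r\nmax_age: 604800\r\n"

if __name__ == "__main__":
    for mx in (["mail.abc.com."], ["mx1.abc.com."]):
        print(mx, check(POLICY, mx) or "OK")
```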
2. Install RainLoop and set up the webmail service
Create the directory, download and extract RainLoop, and set the file permissions
mkdir -p /var/www/rainloop
cd /var/www/rainloop
wget https://www.rainloop.net/repository/webmail/rainloop-latest.zip
apt install unzip
unzip rainloop-latest.zip
rm rainloop-latest.zip
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
Install the PHP-FPM components and configure them
apt install nginx php-fpm php8.2-curl php8.2-xml
nano /etc/php/8.2/fpm/php.ini
upload_max_filesize = 30M
post_max_size = 35M
Change the directory permissions
chmod -R 775 /var/www/
chown -R www-data:www-data /var/www/rainloop/
Create the nginx configuration file for RainLoop
nano /etc/nginx/sites-available/rainloop_ssl
The contents of the configuration file are as follows
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name webmail.abc.com;
    ssl_certificate /etc/maddy/certs/mail.abc.com/fullchain.cer;
    ssl_certificate_key /etc/maddy/certs/mail.abc.com/abc.com.key;
    index index.html index.php;
    root /var/www/rainloop;
    client_max_body_size 2G;
    error_log /var/log/nginx/rainloop.error.log;
    access_log /var/log/nginx/rainloop.access.log;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ^~/data {
        deny all;
    }
    location ~ \.php$ {
        # fastcgi_pass php-handler-https;
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
Create the symlink that enables the RainLoop site
ln -s /etc/nginx/sites-available/rainloop_ssl /etc/nginx/sites-enabled/rainloop_ssl
Test the configuration
nginx -t
Apply the configuration
systemctl reload nginx
View the PHP information
https://webmail.abc.com/?/Info
Test the mail server
https://www.mail-tester.com/
You can now send and receive mail with a client such as Thunderbird.
IMAP server: mx1.abc.com:143
SMTP server: mx1.abc.com:587
Connection security: STARTTLS