E-Mail/Server/Setup
E-mail server setup with Postfix, Dovecot and MySQL
Description
Configuration of an e-mail server with Postfix, Dovecot and MySQL
- Configure DNS
- Set up the database
- Install and set up Postfix
- Install and set up Dovecot
- Test the e-mail server
- Add further domains and e-mail addresses
Prerequisites
- Linux server with suitable security measures
Configure DNS
When you are ready to update DNS and start sending e-mail to the server, edit the domain's DNS records to define your e-mail server:
- Add a DNS record for your e-mail server
- This can be either an A record that points to your server's IP address or a CNAME record that points to a domain name.
- Whichever record you choose, set the hostname/name to mail.
- MX record
Set the hostname/name to @, the mail server to mail.example.com (replace example.com with your domain name) and the priority to 10.
- Example output
@ MX 10 mail.example.com.
mail A 192.0.2.0
- Make sure that the MX record is changed for all domains and subdomains that might receive e-mail.
- If you are setting up a new domain, you can carry out these steps before configuring the mail server.
Updating the hosts file
Make sure that
- the hosts file contains a line for the public IP address
- and that this line is associated with the Fully Qualified Domain Name (FQDN)
In the following example, 192.0.2.0 is the public IP address, mail is the local hostname, and mail.example.com is the FQDN.
- /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.0.2.0 mail.example.com mail
Install an SSL certificate
You must install an SSL certificate on your mail server before you complete the Dovecot configuration steps.
- The SSL certificate authenticates the mail server's identity to users and encrypts the data transmitted between the user's mail client and the mail server.
You can generate an SSL certificate through any certificate authority, but we recommend using Certbot to generate a free certificate quickly and easily.
- Follow this Certbot guide and select your Linux distribution and web server software (or "None" if this server acts only as a mail server).
- After installation, run Certbot with the certonly option and enter the FQDN of your mail server (e.g. mail.example.com):
# certbot certonly --standalone
You can also consult the guide Install an SSL Certificate with Certbot.
- Note down the file paths of the certificate and the private key.
- You will need the paths for the Dovecot configuration steps.
Install Packages
- Update your system
# apt-get update
# apt-get upgrade
- Install the packages
# apt-get install postfix postfix-mysql dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql mysql-server
This installs the mysql-server package, which is not available by default in some newer versions of Debian.
- If you get a message that the package is not available, install mariadb-server instead.
- MariaDB is a drop-in replacement for MySQL.
With newer versions of MySQL you are not prompted to enter a password for the root MySQL user.
- This is because MySQL on Debian and Ubuntu now uses either the unix_socket or the auth_socket authorization plugin by default.
- This authorization scheme lets you log in as the database's root user as long as you connect as the Linux root user on localhost.
When prompted, select Internet Site as the type of mail server that the Postfix installer should configure.
- In the next window, the System Mail Name should be set to the domain through which you want to send and receive e-mail.
Database
see E-Mail:Server:Setup:Datenbank
Postfix
Postfix is a Mail Transfer Agent (MTA) that relays mail between your Server and the internet.
- It is highly configurable, allowing for great flexibility.
- This guide maintains many of Postfix’s default configuration values.
How Do Postfix And Dovecot Work Together?
Postfix and Dovecot work together to help make email servers function as intended (sending and receiving email) and accessible to whichever email client the end user wishes to use.
- While Postfix manages email delivery and receipt, Dovecot allows email clients to connect to these emails when we want to read them.
Configuration File Settings for Postfix Email Server
The main.cf file is the primary configuration file used by Postfix.
- If you are still logged in to MySQL, return to your main Linux shell by typing exit and hitting enter.
- Make a copy of the default Postfix configuration file in case you need to revert to the default configuration:
# cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
- Edit the /etc/postfix/main.cf file, replacing any occurrences of example.com with your domain name and verifying that the paths to the SSL certificate and private key are correct.
- Here is an example file that can be used:
- /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/example.com/privkey.pem
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous

# Authentication
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

# Restrictions
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        reject_unlisted_recipient,
        reject_unauth_destination
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain
smtpd_relay_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        defer_unauth_destination

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = example.com
myorigin = $mydomain
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

# Handing off local delivery to Dovecot's LMTP, and telling it where to store mail
virtual_transport = lmtp:unix:private/dovecot-lmtp

# Virtual domains, users, and aliases
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
        mysql:/etc/postfix/mysql-virtual-email2email.cf

# Even more Restrictions and MTA params
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#smtpd_etrn_restrictions = reject
#smtpd_reject_unlisted_sender = yes
#smtpd_reject_unlisted_recipient = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtp_always_send_ehlo = yes
#smtpd_hard_error_limit = 1
smtpd_timeout = 30s
smtp_helo_timeout = 15s
smtp_rcpt_timeout = 15s
smtpd_recipient_limit = 40
minimal_backoff_time = 180s
maximal_backoff_time = 3h

# Reply Rejection Codes
invalid_hostname_reject_code = 550
non_fqdn_reject_code = 550
unknown_address_reject_code = 550
unknown_client_reject_code = 550
unknown_hostname_reject_code = 550
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
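The security-relevant settings in this main.cf can be checked mechanically after editing. The following shell script is an added example, not part of the original guide: it parses a main.cf, including continuation lines, and reports a doubled "=" as well as weak values for four of the parameters set above. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Print "name<TAB>value" per parameter. Lines that start with whitespace
# continue the previous parameter; comment and blank lines are skipped.
maincf_params() {
    awk '
        function emit() { sub(/^[ \t]+/, "", val); if (name != "") print name "\t" val; name = "" }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); val = val " " $0; next }
        { emit(); i = index($0, "="); if (!i) next
          name = substr($0, 1, i - 1); val = substr($0, i + 1); gsub(/[ \t]/, "", name) }
        END { emit() }
    ' "$1"
}

# maincf_get FILE PARAM: the last assignment wins, as in Postfix.
maincf_get() {
    maincf_params "$1" | awk -F '\t' -v p="$2" '$1 == p { v = $2 } END { print v }'
}

finding() { echo "$1"; findings=$((findings + 1)); }

# Prints one finding per line; the return status is the number of findings.
audit_maincf() {
    findings=0
    # Postfix splits at the first "=", so "name == value" gives a value starting with "=".
    for p in $(maincf_params "$1" | awk -F '\t' '$2 ~ /^=/ { print $1 }'); do
        finding "TYPO $p: value starts with '='"
    done
    [ "$(maincf_get "$1" smtpd_tls_auth_only)" = yes ] ||
        finding "WEAK smtpd_tls_auth_only: AUTH is offered on unencrypted sessions"
    # An unset smtpd_sasl_security_options means the default, noanonymous.
    opts=$(maincf_get "$1" smtpd_sasl_security_options)
    case "${opts:-noanonymous}" in
        *noanonymous*) ;;
        *) finding "WEAK smtpd_sasl_security_options: noanonymous is missing" ;;
    esac
    # An empty or unset smtpd_relay_restrictions is not judged here.
    case "$(maincf_get "$1" smtpd_relay_restrictions)" in
        ""|*reject_unauth_destination*|*defer_unauth_destination*) ;;
        *) finding "WEAK smtpd_relay_restrictions: no *_unauth_destination entry" ;;
    esac
    [ "$(maincf_get "$1" disable_vrfy_command)" = yes ] ||
        finding "WEAK disable_vrfy_command: VRFY lets clients probe for valid addresses"
    return "$findings"
}

# Constructed sample input with four deliberate problems (not a real server's file).
write_sample() {
    printf '%s\n' '# constructed sample' 'smtpd_tls_auth_only = no' \
        'smtpd_sasl_security_options = noplaintext' 'smtpd_relay_restrictions ==' \
        '        permit_mynetworks,' '        permit_sasl_authenticated' \
        'disable_vrfy_command = yes' > "$1"
}

sample=$(mktemp) && write_sample "$sample"
audit_maincf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a live server, point audit_maincf at /etc/postfix/main.cf; postconf -n shows the values Postfix itself has loaded.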
The main.cf file declares the location of virtual_mailbox_domains, virtual_mailbox_maps, and virtual_alias_maps files.
- These files contain the connection information for the MySQL lookup tables created in the MySQL section of this guide.
- Postfix will use this data to identify all domains, corresponding mailboxes, and valid users.
- Create the file for virtual_mailbox_domains.
Replace the value for password with your database user’s password.
- If you used a different name for your database user and dbname replace those with your own values:
- /etc/postfix/mysql-virtual-mailbox-domains.cf
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_domains WHERE name='%s'
- Create the /etc/postfix/mysql-virtual-mailbox-maps.cf file and enter the following values.
- Use the database user’s password and make any other changes as needed:
- /etc/postfix/mysql-virtual-mailbox-maps.cf
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT 1 FROM virtual_users WHERE email='%s'
- Create the /etc/postfix/mysql-virtual-alias-maps.cf file and enter the following values.
- Use the database user’s password and make any other changes as needed:
- /etc/postfix/mysql-virtual-alias-maps.cf
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT destination FROM virtual_aliases WHERE source='%s'
- Create the /etc/postfix/mysql-virtual-email2email.cf file and enter the following values.
- Use the database user’s password and make any other changes as needed:
- /etc/postfix/mysql-virtual-email2email.cf
user = mailuser
password = mailuserpass
hosts = 127.0.0.1
dbname = mailserver
query = SELECT email FROM virtual_users WHERE email='%s'
- Restart Postfix
# systemctl restart postfix
Testing Postfix
We can test the Postfix configuration by using the postmap command, which can query Postfix’s lookup tables.
- Enter the following command to ensure that Postfix can query the virtual_domains table.
- Replace example.com with the first name value.
- The command should return 1 if it is successful:
# postmap -q example.com mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
- Test Postfix to verify that it can retrieve the first email address from the MySQL table virtual_users.
- Replace email1@example.com with the first email address added to the table.
- You should receive 1 as the output:
# postmap -q email1@example.com mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
- Test Postfix to verify that it can query the virtual_aliases table.
- Replace alias@example.com with the first source value created in the table.
- The command should return the destination value for the row:
# postmap -q alias@example.com mysql:/etc/postfix/mysql-virtual-alias-maps.cf
Master Program Settings
- Postfix’s master program starts and monitors all of Postfix’s processes.
- The configuration file master.cf lists all programs and information on how they should be started.
Make a copy of the /etc/postfix/master.cf file:
# cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
- Edit /etc/postfix/master.cf to contain the values in the excerpt below.
The rest of the file can remain unchanged
# File: /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
[...]
- Change the permissions of the /etc/postfix directory so that only its owner and the corresponding group have access:
# chmod -R o-rwx /etc/postfix
- Restart Postfix
# systemctl restart postfix
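The mysql-virtual-*.cf map files created earlier hold the database password in clear text, which is the reason for removing access for other users. The following added example (not part of the original guide) lists password-bearing files that are still accessible to "other", before and after that chmod step; the temporary directory and the function names are constructed for illustration.

```sh
#!/bin/sh
# Paths of files under DIR that contain a "password = ..." line and grant any
# permission bit to "other". Empty output means nothing is exposed.
exposed_credential_files() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) \
        -exec grep -lE '^[[:space:]]*password[[:space:]]*=' {} + || true
}

# Constructed stand-in for /etc/postfix, using the sample values from this guide.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'user = mailuser\npassword = mailuserpass\nhosts = 127.0.0.1\n' \
        > "$d/mysql-virtual-mailbox-domains.cf"
    printf 'myhostname = example.com\n' > "$d/main.cf"
    chmod 644 "$d"/*.cf      # typical mode of a file created by root with umask 022
    echo "$d"
}

dir=$(make_sample_dir)
echo "before: $(exposed_credential_files "$dir")"
chmod -R o-rwx "$dir"        # the step from the guide
echo "after:  $(exposed_credential_files "$dir")"
rm -rf "$dir"
```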
Dovecot
see Dovecot#Installation
Testing
- To send and receive test emails to your mail server, install the Mailutils package:
# apt-get install mailutils
- Send a test email to an email address outside of your mail server, like a Gmail account.
- Replace email1@example.com with an email address from your mail server:
# echo "Email body text" | mail -s "Email subject line" recipient@gmail.com -aFrom:email1@example.com
- Log in to the test email account and verify that you have received the email from the specified mail server email address.
- Send a test email to your mail server from an outside email address.
- Log back in and check that the email was received; substitute in the username and domain you sent the mail to:
# mail -f /var/mail/vhosts/example.com/email1
When prompted, enter the number corresponding to the email you would like to view:
"/var/mail/vhosts/example.com/": 9 messages 5 new 4 unread
 U   1 John Doe           Wed Jun 27 16:00  57/2788  Test email 1
 U   2 John Doe           Wed Jun 27 16:02  56/2761  Test email 2
 U   3 John Doe           Wed Jun 27 16:35  15/594   Test email 3
 U   4 John Doe           Wed Jun 27 16:42  71/3535  Test email 4
>N   5 John Doe           Mon Jul  2 10:55  13/599   Subject of the Email
?
The email message header and body should display.
- Consider adding spam and virus filtering and a webmail client.
See Troubleshooting problems with Postfix, Dovecot, and MySQL for debugging steps.
Configuring an Email Client
You can set up an email client to connect to your mail server.
- Many clients detect server settings automatically.
- Manual configuration requires the following parameters:
- Username: An email address that was configured (ex: user@example.com).
- Password: The password configured for that email.
- Server: (Both incoming and outgoing) A domain that resolves to the Server (such as mail.example.com)
- IMAP: Set the port to 993 and the SSL/Security settings to SSL/TLS or equivalent.
- POP3: If using POP3 instead of IMAP, set the port to 995 and require SSL.
- SMTP: Set the port to 587 and the SSL/Security settings to STARTTLS or equivalent.
Note: The Thunderbird email client will sometimes have trouble automatically detecting account settings when using Dovecot.
- After it fails to detect the appropriate account settings, you can set up your email account manually.
- Add in the appropriate information for each setting, using the above values, leaving no setting on Auto or Autodetect.
- Once you have entered all the information about your mail server and account, press Done rather than Re-Test and Thunderbird should accept the settings and retrieve your mail.
Managing Spam
- SpamAssassin
Apache SpamAssassin is a free and open source platform that allows us to find and filter out spam email.
- This software is commonly used in tandem with Postfix and Dovecot.
- Install SpamAssassin
# apt-get install spamassassin spamc
- Create a user for the SpamAssassin daemon (spamd)
# adduser spamd --disabled-login
- Edit the /etc/default/spamassassin configuration file.
Set the home directory, update the OPTIONS parameter with the user that was just created (as well as the home directory), and update the CRON parameter to 1.
File: /etc/default/spamassassin
[...]
HOMEDIR="/home/spamd/"
OPTIONS="--create-prefs --max-children 5 --username spamd --helper-home-dir ${HOMEDIR} -s ${HOMEDIR}spamd.log"
PIDFILE="${HOMEDIR}spamd.pid"
[...]
CRON=1
SpamAssassin’s configuration file is documented in detail; refer to that documentation while working through these next steps.
- Configure the Postfix email server to check each email with a score > 5.0, mark it as SPAM, and send it directly to the junk folder.
- Add or adjust the following lines inside /etc/spamassassin/local.cf to setup your anti-spam rules:
- File: /etc/spamassassin/local.cf
...
rewrite_header Subject ***** SPAM _SCORE_ *****
report_safe 0
required_score 5.0
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
skip_rbl_checks 0
use_razor2 0
use_dcc 0
use_pyzor 0
...
- Set up your Postfix email server to allow anti-spam configuration to check incoming emails.
- Edit /etc/postfix/master.cf and add a filter:
- File: /etc/postfix/master.cf
...
smtp      inet  n       -       -       -       -       smtpd
  -o content_filter=spamassassin
...
spamassassin unix -     n       n       -       -       pipe
  user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
- Start Spamassassin and enable the service to start on boot:
# systemctl start spamassassin
# systemctl enable spamassassin
If not using systemd (as is the case with Debian 7 and earlier), edit the /etc/default/spamassassin configuration file instead.
- Set the ENABLED parameter to 1.
- Restart the Postfix email server to get your new anti-spam settings in place:
# systemctl restart postfix
Web links
- https://www.linode.com/docs/guides/email-with-postfix-dovecot-and-mysql/
- Troubleshooting Problems with Postfix, Dovecot, and MySQL
- Postfix Basic Configuration
- Postfix SASL Howto
- Dovecot Wiki