Maddy:修订间差异

来自MalacoKnowledge
imported>Malacology
init
 
imported>Malacology
add key
第190行: 第190行:


信件存储在 <code>/var/lib/maddy/messages</code> sqlite 存储在 <code>/var/lib/maddy/</code>
信件存储在 <code>/var/lib/maddy/messages</code> sqlite 存储在 <code>/var/lib/maddy/</code>
=== SSL key ===
# setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive}
===systemd 配置===
===systemd 配置===
<pre>$ vim /usr/lib/systemd/system/maddy.service
<pre>$ vim /usr/lib/systemd/system/maddy.service

2022年5月30日 (一) 16:23的版本

Maddy 是 Golang 写的易于配置的邮箱收发服务器,集成了 IMAP 和 SMTP 以及 DKIM ,十分方便。

安装

$ yay -S maddy

这里我使用 sqlite

# pacman -S sqlite

配置文件

Maddy 配置

$ vim /etc/maddy/maddy.conf

内容如下

## Maddy Mail Server - default configuration file (2021-08-16)
  1. Suitable for small-scale deployments. Uses its own format for local users DB,
  2. should be managed via maddyctl utility.
  3. See tutorials at https://maddy.email for guidance on typical
  4. configuration changes.
  5. See manual pages (also available at https://maddy.email) for reference
  6. documentation.
  1. ----------------------------------------------------------------------------
  2. Base variables

$(hostname) = DOMAIN $(primary_domain) = DOMAIN $(local_domains) = $(primary_domain)

  1. tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem

tls file /etc/letsencrypt/live/$(local_domains)/fullchain.pem /etc/letsencrypt/live/$(local_domains)/privkey.pem

  1. ----------------------------------------------------------------------------
  2. Local storage & authentication
  1. pass_table provides local hashed passwords storage for authentication of
  2. users. It can be configured to use any "table" module, in default
  3. configuration a table in SQLite DB is used.
  4. Table can be replaced to use e.g. a file for passwords. Or pass_table module
  5. can be replaced altogether to use some external source of credentials (e.g.
  6. PAM, /etc/shadow file).
  7. If table module supports it (sql_table does) - credentials can be managed
  8. using 'maddyctl creds' command.

auth.pass_table local_authdb {

   table sql_table {
       driver sqlite3
       dsn credentials.db
       table_name passwords
   }

}

  1. imapsql module stores all indexes and metadata necessary for IMAP using a
  2. relational database. It is used by IMAP endpoint for mailbox access and
  3. also by SMTP & Submission endpoints for delivery of local messages.
  4. IMAP accounts, mailboxes and all message metadata can be inspected using
  5. imap-* subcommands of maddyctl utility.

storage.imapsql local_mailboxes {

   driver sqlite3
   dsn imapsql.db

}

  1. ----------------------------------------------------------------------------
  2. SMTP endpoints + message routing

hostname $(hostname)

table.chain local_rewrites {

   optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3"
   optional_step static {
       entry postmaster postmaster@$(primary_domain)
   }
   optional_step file /etc/maddy/aliases

}

msgpipeline local_routing {

   # Insert handling for special-purpose local domains here.
   # e.g.
   # destination lists.example.org {
   #     deliver_to lmtp tcp://127.0.0.1:8024
   # }
   destination postmaster $(local_domains) {
       modify {
           replace_rcpt &local_rewrites
       }
       deliver_to &local_mailboxes
   }
   default_destination {
       reject 550 5.1.1 "User doesn't exist"
   }

}

smtp tcp://0.0.0.0:25 {

   limits {
       # Up to 20 msgs/sec across max. 10 SMTP connections.
       all rate 20 1s
       all concurrency 10
   }
   dmarc yes
   check {
       require_mx_record
       dkim
       spf
   }
   source $(local_domains) {
       reject 501 5.1.8 "Use Submission for outgoing SMTP"
   }
   default_source {
       destination postmaster $(local_domains) {
           deliver_to &local_routing
       }
       default_destination {
           reject 550 5.1.1 "User doesn't exist"
       }
   }

} submission tls://[::]:465 {

  1. submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
   limits {
       # Up to 50 msgs/sec across any amount of SMTP connections.
       all rate 50 1s
   }
   auth &local_authdb
   source $(local_domains) {
       check {
           authorize_sender {
               prepare_email &local_rewrites
               user_to_email identity
           }
       }
       destination postmaster $(local_domains) {
           deliver_to &local_routing
       }
       default_destination {
           modify {
               dkim $(primary_domain) $(local_domains) default
           }
           deliver_to &remote_queue
       }
   }
   default_source {
       reject 501 5.1.8 "Non-local sender domain"
   }

}

target.remote outbound_delivery {

   limits {
       # Up to 20 msgs/sec across max. 10 SMTP connections
       # for each recipient domain.
       destination rate 20 1s
       destination concurrency 10
   }
   mx_auth {
       dane
       mtasts {
           cache fs
           fs_dir mtasts_cache/
       }
       local_policy {
           min_tls_level none
           min_mx_level none
       }
   }

}

target.queue remote_queue {

   target &outbound_delivery
   autogenerated_msg_domain $(primary_domain)
   bounce {
       destination postmaster $(local_domains) {
           deliver_to &local_routing
       }
       default_destination {
           reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
       }
   }

}

  1. ----------------------------------------------------------------------------
  2. IMAP endpoints

imap tls://[::]:993 {

  1. imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
   auth &local_authdb
   storage &local_mailboxes
}

主要修改 min_tls_levelnone 为了 office365/outlook 通讯。还有hostname primary_domain 以及 tls 文件位置

信件存储在 /var/lib/maddy/messages sqlite 存储在 /var/lib/maddy/

SSL key

# setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive}

systemd 配置

$ vim /usr/lib/systemd/system/maddy.service
$ vim /usr/lib/systemd/system/[email protected]

可以修改成你需要的,但是如果要修改为 root 那么

User=root

Group=root

  1. AmbientCapabilities=CAP_NET_BIND_SERVICE
  2. CapabilityBoundingSet=CAP_NET_BIND_SERVICE

之后

# systemctl enable maddy
  1. systemctl start maddy

用户配置

$ maddyctl creds create/password <[email protected]> --password <YourPassword> #创建用户/更改用户密码
$ maddyctl creds create #删除用户
$ maddyctl creds list # 查看你刚创建的用户名

$ maddyctl imap-acct create/remove <[email protected]> # 创建/删除一个邮件储存账户
$ maddyctl imap-acct list # 查看刚创建的 imap 储存账户

$ maddyctl imap-mboxes list <[email protected]> # 可以看到该账户下有哪些分类
$ maddyctl imap-msgs list <[email protected]> <INBOX> # 可以查看当前账户对应分类接收到的邮件,一般收件在 INBOX 中

端口

以下端口需要开放

  • 25:通信
  • 465: SMTP
  • 993: IMAP

解析

A 记录

  • type: A
  • host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
  • value: IP

MX 记录

  • type: MX
  • host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
  • value: domain

送信优化

DKIM

/var/lib/maddy/dkim_keys 下的 .dns 文件存在,文件内容即是 DKIM 解析

添加解析

  • type: TXT
  • host: default._domainkey
  • value: .dns 内容

SPF

添加解析

  • type: TXT
  • host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
  • value: v=spf1 mx ~all

收信优化

DMARC

  • type: TXT
  • host: _dmarc
  • value: v=DMARC1; p=quarantine;

p 可以为 none quarantine reject 分别 接受不处理、接受并处理、拒绝 没经过 DMARC 检验的邮件