Maddy:修订间差异
imported>Malacology init |
imported>Malacology add key |
||
第190行: | 第190行: | ||
信件存储在 <code>/var/lib/maddy/messages</code> sqlite 存储在 <code>/var/lib/maddy/</code> | 信件存储在 <code>/var/lib/maddy/messages</code> sqlite 存储在 <code>/var/lib/maddy/</code> | ||
=== SSL key === | |||
# setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive} | |||
===systemd 配置=== | ===systemd 配置=== | ||
<pre>$ vim /usr/lib/systemd/system/maddy.service | <pre>$ vim /usr/lib/systemd/system/maddy.service |
2022年5月30日 (一) 16:23的版本
Maddy 是 Golang 写的易于配置的邮箱收发服务器,集成了 IMAP 和 SMTP 以及 DKIM ,十分方便。
安装
$ yay -S maddy
这里我使用 sqlite
# pacman -S sqlite
配置文件
Maddy 配置
$ vim /etc/maddy/maddy.conf
内容如下
## Maddy Mail Server - default configuration file (2021-08-16)
- Suitable for small-scale deployments. Uses its own format for local users DB,
- should be managed via maddyctl utility.
- See tutorials at https://maddy.email for guidance on typical
- configuration changes.
- See manual pages (also available at https://maddy.email) for reference
- documentation.
- ----------------------------------------------------------------------------
- Base variables
$(hostname) = DOMAIN $(primary_domain) = DOMAIN $(local_domains) = $(primary_domain)
- tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
tls file /etc/letsencrypt/live/$(local_domains)/fullchain.pem /etc/letsencrypt/live/$(local_domains)/privkey.pem
- ----------------------------------------------------------------------------
- Local storage & authentication
- pass_table provides local hashed passwords storage for authentication of
- users. It can be configured to use any "table" module, in default
- configuration a table in SQLite DB is used.
- Table can be replaced to use e.g. a file for passwords. Or pass_table module
- can be replaced altogether to use some external source of credentials (e.g.
- PAM, /etc/shadow file).
- If table module supports it (sql_table does) - credentials can be managed
- using 'maddyctl creds' command.
auth.pass_table local_authdb {
table sql_table { driver sqlite3 dsn credentials.db table_name passwords }}
- imapsql module stores all indexes and metadata necessary for IMAP using a
- relational database. It is used by IMAP endpoint for mailbox access and
- also by SMTP & Submission endpoints for delivery of local messages.
- IMAP accounts, mailboxes and all message metadata can be inspected using
- imap-* subcommands of maddyctl utility.
storage.imapsql local_mailboxes {
driver sqlite3 dsn imapsql.db}
- ----------------------------------------------------------------------------
- SMTP endpoints + message routing
hostname $(hostname)
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "$1@$3" optional_step static { entry postmaster postmaster@$(primary_domain) } optional_step file /etc/maddy/aliases}
msgpipeline local_routing {
# Insert handling for special-purpose local domains here. # e.g. # destination lists.example.org { # deliver_to lmtp tcp://127.0.0.1:8024 # }destination postmaster $(local_domains) { modify { replace_rcpt &local_rewrites }deliver_to &local_mailboxes }default_destination { reject 550 5.1.1 "User doesn't exist" }}
smtp tcp://0.0.0.0:25 {
limits { # Up to 20 msgs/sec across max. 10 SMTP connections. all rate 20 1s all concurrency 10 }dmarc yes check { require_mx_record dkim spf }source $(local_domains) { reject 501 5.1.8 "Use Submission for outgoing SMTP" } default_source { destination postmaster $(local_domains) { deliver_to &local_routing } default_destination { reject 550 5.1.1 "User doesn't exist" } }} submission tls://[::]:465 {
- submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
limits { # Up to 50 msgs/sec across any amount of SMTP connections. all rate 50 1s }auth &local_authdbsource $(local_domains) { check { authorize_sender { prepare_email &local_rewrites user_to_email identity } }destination postmaster $(local_domains) { deliver_to &local_routing } default_destination { modify { dkim $(primary_domain) $(local_domains) default } deliver_to &remote_queue } } default_source { reject 501 5.1.8 "Non-local sender domain" }}
target.remote outbound_delivery {
limits { # Up to 20 msgs/sec across max. 10 SMTP connections # for each recipient domain. destination rate 20 1s destination concurrency 10 } mx_auth { dane mtasts { cache fs fs_dir mtasts_cache/ } local_policy { min_tls_level none min_mx_level none } }}
target.queue remote_queue {
target &outbound_deliveryautogenerated_msg_domain $(primary_domain) bounce { destination postmaster $(local_domains) { deliver_to &local_routing } default_destination { reject 550 5.0.0 "Refusing to send DSNs to non-local addresses" } }}
- ----------------------------------------------------------------------------
- IMAP endpoints
imap tls://[::]:993 {
- imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
auth &local_authdb storage &local_mailboxes}
主要修改 min_tls_level
为 none
为了 office365/outlook 通讯。还有hostname
primary_domain
以及 tls
文件位置
信件存储在 /var/lib/maddy/messages
sqlite 存储在 /var/lib/maddy/
SSL key
# setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive}
systemd 配置
$ vim /usr/lib/systemd/system/maddy.service $ vim /usr/lib/systemd/system/[email protected]
可以修改成你需要的,但是如果要修改为 root
那么
User=rootGroup=root
- AmbientCapabilities=CAP_NET_BIND_SERVICE
- CapabilityBoundingSet=CAP_NET_BIND_SERVICE
之后
# systemctl enable maddy
- systemctl start maddy
用户配置
$ maddyctl creds create/password <[email protected]> --password <YourPassword> #创建用户/更改用户密码 $ maddyctl creds create #删除用户 $ maddyctl creds list # 查看你刚创建的用户名 $ maddyctl imap-acct create/remove <[email protected]> # 创建/删除一个邮件储存账户 $ maddyctl imap-acct list # 查看刚创建的 imap 储存账户 $ maddyctl imap-mboxes list <[email protected]> # 可以看到该账户下有哪些分类 $ maddyctl imap-msgs list <[email protected]> <INBOX> # 可以查看当前账户对应分类接收到的邮件,一般收件在 INBOX 中
端口
以下端口需要开放
- 25:通信
- 465: SMTP
- 993: IMAP
解析
A 记录
- type: A
- host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
- value: IP
MX 记录
- type: MX
- host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
- value: domain
送信优化
DKIM
在 /var/lib/maddy/dkim_keys
下的 .dns 文件存在,文件内容即是 DKIM 解析
添加解析
- type: TXT
- host: default._domainkey
- value: .dns 内容
SPF
添加解析
- type: TXT
- host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
- value: v=spf1 mx ~all
收信优化
DMARC
- type: TXT
- host: _dmarc
- value: v=DMARC1; p=quarantine;
p 可以为 none
quarantine
reject
分别 接受不处理、接受并处理、拒绝 没经过 DMARC 检验的邮件