本文共 11238 字，大约阅读时间需要 37 分钟。

一、 安装准备

1、 添加DNS解析记录

• 先添加 A 记录 mail.sst888.com 解析为你的邮件服务器IP
• 再添加 MX 记录指向 mail.sst888.com

2、 配置iptables防火墙

#关闭iptables/etc/init.d/iptables stop#暂时关闭selinuxsetenforce 0#修改参数，永久关闭Selinuxvim /etc/selinux/config SELINUX=disabled

---

• 如必须开启iptables，请开启相关端口权限。

# 根如必须开启iptables据默认规则，开启以下端口权限*filter:INPUT DROP [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]# http, https-A INPUT -p tcp --dport 80 -j ACCEPT# smtp, submission-A INPUT -p tcp --dport 25 -j ACCEPT-A INPUT -p tcp --dport 587 -j ACCEPT# pop3, pop3s-A INPUT -p tcp --dport 110 -j ACCEPT-A INPUT -p tcp --dport 995 -j ACCEPT# imap, imaps-A INPUT -p tcp --dport 143 -j ACCEPT-A INPUT -p tcp --dport 993 -j ACCEPT

---

3、 配置hostname

#暂时绑定hostshostname mail.ali.com#修改network文件vim /etc/sysconfig/networkHOSTNAME=mail.ali.com#添加本地hostsvim /etc/hosts112.74.28.201 mail.ali.com

4、 配置软件源.

#新建repo文件，添加第三方软件源.# vim /etc/yum.repos.d/ali.repo[epel]name=Extra Packages for Enterprise Linux 6 - $basearchbaseurl=http://mirrors.aliyun.com/epel/6/$basearch        http://mirrors.aliyuncs.com/epel/6/$basearchenabled=1gpgcheck=0[epel-debuginfo]name=Extra Packages for Enterprise Linux 6 - $basearch - Debugbaseurl=http://mirrors.aliyun.com/epel/6/$basearch/debug        http://mirrors.aliyuncs.com/epel/6/$basearch/debugenabled=1gpgcheck=0[epel-source]name=Extra Packages for Enterprise Linux 6 - $basearch - Sourcebaseurl=http://mirrors.aliyun.com/epel/6/SRPMS        http://mirrors.aliyuncs.com/epel/6/SRPMSenabled=1gpgcheck=0

---

二、 环境配置

1、 配置LAMP环境

#添加用户，并用yum安装LAMP相关软件useradd -u 2000 -d /var/vmail -m -s /sbin/nologin vmailyum -y install httpd mysql mysql-devel mysql-server php php-pecl-Fileinfo php-mcrypt php-devel php-mysql php-common php-mbstring php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc pcre pcre-devel

2、 整合Apache和PHP

#修改配置文件#vim /etc/httpd/conf/httpd.conf#增加以下参数AddType application/x-httpd-php .php PHPIniDir "/etc/php.ini"#修改以下参数DirectoryIndex index.php index.html index.html.varUser vmailGroup vmail

3、 测试php解析

#新建测试PHP文件#vim /var/www/html/index.php
   #重启Apache/etc/init.d/httpd restart

注：打开浏览器，输入你的IP，看到PHP详细信息，LAMP环境OK.

---

三、 配置postfixadmin

1、 下载 postfixadmin

#下载并改名并解压postfixadmincd /var/www/html && wget http://nchc.dl.sourceforge.net/project/postfixadmin/postfixadmin/postfixadmin-2.92/postfixadmin-2.92.tar.gz && tar xvf postfixadmin-2.92.tar.gz  && mv postfixadmin-2.92 postfixadmin#提前安装dovecot，配置postfixadmin需要用到yum install -y  dovecot dovecot-devel dovecot-mysql

2、 修改配置文件

#备份配置文件cd /var/www/html/postfix && cp config.inc.php config.inc.php.bak && cp setup.php setup.php.bak #修改配置文件中以下参数vim config.inc.php$CONF['configured'] = true;$CONF['database_type'] = 'mysql';$CONF['database_host'] = 'localhost';$CONF['database_user'] = 'postfix';$CONF['database_password'] = 'postfix';$CONF['database_name'] = 'postfix';$CONF['admin_email'] = 'postmaster@sst888.com';$CONF['encrypt'] = 'dovecot:CRAM-MD5';$CONF['dovecotpw'] = "/usr/bin/doveadm pw";$CONF['domain_path'] = 'YES';$CONF['domain_in_mailbox'] = 'NO';$CONF['aliases'] = '1000';$CONF['mailboxes'] = '1000';$CONF['maxquota'] = '1000';$CONF['fetchmail'] = 'NO';$CONF['quota'] = 'YES';$CONF['used_quotas'] = 'YES';$CONF['new_quota_table'] = 'YES';

#Mysql中建库并授权,后面配置都需要于现在授权信息一致/etc/init.d/mysqld start mysqlmysql> create database postfix;mysql> grant all on postfix.* to postfix@'localhost' identified by 'postfix';mysql> flush privileges;#测试能否登录mysql -upostfix -ppostfix#修改所有者和所有组chown -R vmail.vmail /var/www/html/postfixadmin/chown -R vmail.vmail /var/lib/php/session/

3、 配置Postfixadmin

• 图文配置请点击查看！

---

四、 配置Postfix

1、 安装postfix

#yum安装postfixyum remove -y sendmail && yum install postfix

2、 配置postfix

• 修改postfix配置文件

#vim /etc/postfix/main.cf#修改以下参数myhostname = mail.free.commydomain = free.commyorigin = $mydomaininet_interfaces = allmynetworks_style = hostmynetworks = 192.168.18/24, 127.0.0.0/8#添加以下参数#虚拟域名配置virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cfvirtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cfvirtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf# Additional for quota supportvirtual_create_maildirsize = yesvirtual_mailbox_extended = yesvirtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cfvirtual_mailbox_limit_override = yesvirtual_maildir_limit_message = Sorry, this user has exceeded their disk space quota, please try again later.virtual_overquota_bounce = yes#Specify the user/group that owns the mail folders. I'm not sure if this is strictly necessary when using Dovecot's LDA.virtual_uid_maps = static:2000virtual_gid_maps = static:2000#Specifies which tables proxymap can read: http://www.postfix.org/postconf.5.html#proxy_read_mapsproxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps#SASL SUPPORT FOR CLIENTS# Turns on sasl authorizationsmtpd_sasl_auth_enable = yes#Use dovecot for authenticationsmtpd_sasl_type = dovecot# Path to UNIX socket for SASLsmtpd_sasl_path = /var/run/dovecot/auth-client#Disable anonymous login. We don't want to run an open relay for spammers.smtpd_sasl_security_options = noanonymous#Adds support for email software that doesn't follow RFC 4954.#This includes most versions of Microsoft Outlook before 2007.broken_sasl_auth_clients = yessmtpd_recipient_restrictions =  permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination# TRANSPORT MAPvirtual_transport = dovecotdovecot_destination_recipient_limit = 1

#vim /etc/postfix/master.cf#注意flags前面的空格dovecot   unix  -       n       n       -       -       pipe  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}

• 创建Mysql脚本

  • 请注意user password dbname 要和上面配置postfixadmin中授权的一致。

#vim /etc/postfix/mysql_virtual_domains_maps.cfuser = postfixpassword = postfixhosts = localhostdbname = postfixquery = SELECT domain FROM domain WHERE domain='%s' AND active = '1'#optional query to use when relaying for backup MX#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

# vim /etc/postfix/mysql_virtual_alias_maps.cfuser = postfixpassword = postfixhosts = localhostdbname = postfixquery = SELECT goto FROM alias WHERE address='%s' AND active = '1'

#vim /etc/postfix/mysql_virtual_mailbox_maps.cfuser = postfixpassword = postfixhosts = localhostdbname = postfixquery = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

#vim /etc/postfix/mysql_virtual_mailbox_limit_maps.cfuser = postfixpassword = postfixhosts = localhostdbname = postfixquery = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

---

五、 配置Dovecot

1、 修改配置文件

• 以下配置都是在原文件基础上修改

#vim /etc/dovecot/dovecot.confprotocols = imap pop3listen = *dict {  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext}!include conf.d/*.conf

#vim /etc/dovecot/conf.d/10-auth.confdisable_plaintext_auth = noauth_mechanisms = plain login cram-md5!include auth-sql.conf.ext

#vim /etc/dovecot/conf.d/10-mail.confmail_location = maildir:%hMaildirmbox_write_locks = fcntl

#vim /etc/dovecot/conf.d/10-master.confservice imap-login {  inet_listener imap {  }  inet_listener imaps {  }}service pop3-login {  inet_listener pop3 {  }  inet_listener pop3s {  }}service lmtp {  unix_listener lmtp {  }}service imap {}service pop3 {}service auth {  unix_listener auth-userdb {    mode = 0600    user = vmail    group = vmail  }#新加下面一段，为smtp做认证  unix_listener auth-client {    mode = 0600    user = postfix    group = postfix  }}service auth-worker {}service dict {  unix_listener dict {    mode = 0600    user = vmail    group = vmail  }}

#vim /etc/dovecot/conf.d/15-lda.confprotocol lda {  mail_plugins = quota  postmaster_address = postmaster@sst888.com #管理员邮箱}

#vim /etc/dovecot/conf.d/20-imap.confprotocol imap {        mail_plugins = quota imap_quota}

#vim /etc/dovecot/conf.d/20-pop3.confprotocol pop3 {  pop3_uidl_format = %08Xu%08Xv  mail_plugins = quota}

#vim /etc/dovecot/conf.d/90-quota.confplugin {  quota_rule = *:storage=1G}plugin {}plugin {  quota = dict:User quota::proxy::quota}plugin {}

2、 添加配置文件

• 以下配置文件为新添加文件

#vim /etc/dovecot/dovecot-sql.conf.extdriver = mysqlconnect = host=localhost dbname=postfix user=postfix password=postfixdefault_pass_scheme = CRAM-MD5user_query = SELECT CONCAT('/var/vmail/', maildir) AS home, 2000 AS uid, 2000 AS gid, CONCAT('*:bytes=', quota) as quota_rule FROM mailbox WHERE username = '%u' AND active='1'password_query = SELECT username AS user, password, CONCAT('/var/vmail/', maildir) AS userdb_home, 2000 AS userdb_uid, 2000 AS userdb_gid, CONCAT('*:bytes=', quota) as userdb_quota_rule FROM mailbox WHERE username = '%u' AND active='1'

#vim /etc/dovecot/dovecot-dict-sql.conf.extconnect = host=localhost dbname=postfix user=postfix password=postfixmap {  pattern = priv/quota/storage  table = quota2  username_field = username  value_field = bytes}map {  pattern = priv/quota/messages  table = quota2  username_field = username  value_field = messages}

---

六、 测试SMTP和POP3服务

1、 新建域及用户

• 新建邮箱域名
• 新建邮箱用户

2、 测试SMTP协议

#telnet localhost smtpTrying 127.0.0.1...Connected to localhost.Escape character is '^]'.220 mail.ali.com ESMTP Postfixehlo sst888.com250-mail.ali.com250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH PLAIN LOGIN CRAM-MD5250-AUTH=PLAIN LOGIN CRAM-MD5250-ENHANCEDSTATUSCODES250-8BITMIME250 DSNquit221 2.0.0 ByeConnection closed by foreign host.

3、 测试POP3协议

#telnet localhost pop3Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.+OK Dovecot ready.user test@sst888.com+OKpass test123456+OK Logged in.quit+OK Logging out.Connection closed by foreign host.

---

七、 配置Roundcubemail

1、 下载roundcubemail

# 下载解压并改名cd /var/www/html &&wget https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.0.6/roundcubemail-1.0.6.tar.gz && tar xvf roundcubemail-1.0.6.tar.gz && mv roundcubemail-1.0.6/ webmail

2、 配置roundcubemail

#更改时区#vim /etc/php.inidate.timezone = Asia/Shanghai#更改所有者所有组chown vmail.vmail -R /var/www/html/webmail/#重启Apache/etc/init.d/httpd restart# Mysql授权，稍后配置需要用到# mysqlmysql> CREATE DATABASE roundcubemail;mysql> GRANT ALL PRIVILEGES ON roundcubemail.* TO roundcubemail@localhost IDENTIFIED BY 'roundcubemail';mysql> FLUSH PRIVILEGES;

• http://邮件服务器IP/webmail/installer.php 进行配置

• 登陆 http://服务器IP/webmail 使用邮件系统

---

八、 相关善后工作

1、 安全配置项目

#删除安装记录信息文件rm  -rf /var/www/html/webmail/installer/# config 目录涉及账号信息# 修改配置 使用目录容器 禁止访问# vim /etc/httpd/conf/httpd.conf
   Order allow,denyDeny from all

2、 开启相关服务

#开机启动chkconfig httpd on chkconfig mysqld onchkconfig dovecot onchkconfig postfix on

---

九、 常见错误指引

• 收信正常，发信异常。
• error，send mail falt
  • 请仔细检查 postfix 配置

---

• 连接IMAP失败。
• 发信正常，收信异常。
• ERR Authentication failed. 认证失败
  • 请仔细检查 dovecot 配置

---

• webmail登录页面输入账号密码后会重新返回登录页面

#修改session所有者和所有组chown -R vmail.vmail /var/lib/php/session/#重启Apache/etc/init.d/httpd restart

---

• fatal: no SASL authentication mechanisms

#安装SASL组件 yum install  cyrus-sasl* -y

---

• can’t proc_open /usr/bin/doveadmpw
• can’t encrypt password with dovecotpw

#查看postfixadmin配置文件，doveadm pw 之间有空格 vim /var/www/html/postfixadmin/config.inc.php$CONF['dovecotpw'] = "/usr/bin/doveadm pw";

---

• 参考文档