Mail Server Deployment Guide (Mailu)

Notes

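1. If you do everything correctly it is unlikely to fail; if it does, you can contact me (base64-decode): azY2Ocg5OUAxMzkuY25t
2. The key point is whether port 25 is open on the server (what gets blocked is outbound traffic).
3. Do not leave out any of the DNS records; this is already the minimum set. Otherwise, even with a working setup, your mail will land in the spam folder!
4. When sending to QQ Mail, do not send more than 1000 messages in a single batch, or you will be penalized.
5. Once the setup below is done, changing the domain later is much simpler: change the domain in the mailu.env file, then copy the set of DNS records over.
6. On a first install, docker-compose up -d may be very slow because every required Docker image has to be pulled. Be patient, or use a Docker registry mirror inside China to speed it up. Changing the Docker registry mirror is simple; see the following link: reference document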

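1. Environment checklist

1.1 Check whether the port is open

Run the following commands on the server to test whether port 25 is open:

If the output matches what is shown below, the port is open; otherwise you may be able to receive mail but not send it (or possibly not receive it either).

0x01 Method 1 (Telnet)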

> telnet smtp.exmail.qq.com 25
[root@mail ~]# telnet smtp.exmail.qq.com 25
Trying 124.156.190.79...
Connected to smtp.exmail.qq.com.
Escape character is '^]'.
220 smtp.qq.com Esmtp QQ Mail Server
[root@mail ~]# 

0x02 Method 2 (nc)

> nc -zv smtp.exmail.qq.com 25
[root@mail ~]# nc -zv smtp.exmail.qq.com 25
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 101.32.113.90:25.
Ncat: 0 bytes sent, 0 bytes received in 0.23 seconds.
[root@mail ~]# 

1.2 Server specification

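CPU: 1 CPU
Memory: 1024MB
Disk: 10GB
Ports: all ports open
OS: CentOS 7.x 64-bit
Outbound bandwidth: 200M (does not affect the setup; a thin pipe is just slower)
Server location: Japan (host it outside mainland China if you can; more overseas IDCs leave port 25 unrestricted, while inside China the port can still be blocked even after you submit a ticket)
IP address: 123.123.123.123 (placeholder server IP; in a real environment replace every IP address with the real one)
Domain: fuk.cn (placeholder domain; in a real environment replace every domain with the real one)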

2. DNS record configuration

Host record   Record type   Record value                                            TTL
_dmarc        TXT           v=DMARC1; p=none; pct=100; rua=mailto:admin@fuk.com     10 minutes
@             TXT           v=spf1 mx ~all                                          10 minutes
mail          A             123.123.123.123                                         10 minutes
@             MX            mail.fuk.cn                                             10 minutes
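
As an added example (not part of the original post), these shell functions lint the SPF and DMARC values from the table above before they are published. The record strings are embedded as input so it runs offline, the same-domain test is a simplification of RFC 7489's organizational-domain comparison, and the function names are this example's own.

```shell
# Added example: lint SPF and DMARC TXT values before publishing them.

# check_spf RECORD: print a finding unless the record ends in a strict "-all"
check_spf() (
  record=$1
  case $record in
    "v=spf1 "*) ;;
    *) echo "spf: record must start with v=spf1"; exit 0 ;;
  esac
  case ${record##* } in
    -all) ;;
    "~all") echo "spf: ~all is softfail; unauthorized senders are marked, not rejected" ;;
    *) echo "spf: no restrictive terminal all mechanism" ;;
  esac
)

# check_dmarc DOMAIN RECORD: print one finding per line (no output = clean)
check_dmarc() (
  domain=$1; record=$2
  case $record in
    v=DMARC1*) ;;
    *) echo "dmarc: record must start with v=DMARC1"; exit 0 ;;
  esac
  # One tag per line with whitespace removed, e.g. "p=none"
  printf '%s\n' "$record" | tr ';' '\n' | tr -d ' \t' |
  while IFS='=' read -r tag value; do
    case $tag in
      p) if [ "$value" = none ]; then
           echo "dmarc: p=none is monitor-only; receivers are asked to take no action"
         fi ;;
      rua|ruf)
        # RFC 7489 section 7.1: an external report host has to authorize the reports
        for uri in $(printf '%s' "$value" | tr ',' ' '); do
          host=${uri##*@}; host=${host%%!*}   # drop an optional "!10m" size limit
          case ".$host" in
            *".$domain") ;;   # same domain or a subdomain of it
            *) echo "dmarc: $tag host $host must publish $domain._report._dmarc.$host" ;;
          esac
        done ;;
    esac
  done
)

# The two TXT values from the table above (fuk.cn is the page's placeholder domain)
lint_page_records() {
  check_spf 'v=spf1 mx ~all'
  check_dmarc fuk.cn 'v=DMARC1; p=none; pct=100; rua=mailto:admin@fuk.com'
}
lint_page_records
```

With the table's values this prints three findings, including that the rua address is at fuk.com rather than fuk.cn, so receivers send aggregate reports there only if fuk.com publishes the authorization record named in the output.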

3. Setup steps

1.1 Install dependencies

0x01 SSH into the server

0x02 Run the following commands

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install epel-release -y
yum install container-selinux -y

# yum-utils provides yum-config-manager, so install it before adding the repo
sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y wget curl net-tools git

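1.2 Configure the firewall

0x01 Overview

The server has to listen on the ports below, so all of them must be reachable from the internet.
This article gives two solutions: the first is the more reliable one; the second is untested, but should work fine.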

kingly@Mac ~ nmap -sV --open 123.123.123.123 --min-rate=2000
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-13 12:06 CST
Nmap scan report for 45.159.50.243
Host is up (0.065s latency).
Not shown: 977 closed ports, 13 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE        VERSION
22/tcp  open  ssh            OpenSSH 7.4 (protocol 2.0)
25/tcp  open  smtp           Postfix smtpd
80/tcp  open  http           nginx
110/tcp open  pop3           Zimbra Collabration Suite pop3d
143/tcp open  imap-proxy     nginx imap proxy
443/tcp open  ssl/http       nginx
465/tcp open  ssl/smtp       Postfix smtpd
587/tcp open  smtp           Postfix smtpd
993/tcp open  ssl/imap-proxy nginx imap proxy
995/tcp open  ssl/pop3       Zimbra Collabration Suite pop3d
Service Info: Host: mail.fuk.cn

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.67 seconds

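0x02 Method 1

Disable the firewall outright

Run the following command to turn the firewall off

systemctl stop firewalld && systemctl disable firewalld && firewall-cmd --state

0x03 Method 2

Configure firewalld inbound rules

Run the following commands (command-line version)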

systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="22" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="25" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="80" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="110" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="143" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="443" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="465" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="587" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="993" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="995" accept'
firewall-cmd --reload
firewall-cmd --state
firewall-cmd --zone=public --list-rich-rules

Or run the following shell script

# Source range and TCP ports to allow
ips="0.0.0.0/0"
ports="22 25 80 110 143 443 465 587 993 995"
systemctl start firewalld
systemctl enable firewalld
for port in $ports
do
  firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$ips\" port protocol=\"tcp\" port=\"$port\" accept"
done
echo
firewall-cmd --reload
firewall-cmd --state
# Rich rules are not shown by --list-ports
firewall-cmd --zone=public --list-rich-rules

1.3 Install Docker

One-step install commands

sudo yum install -y docker-ce
sudo systemctl start docker
sudo systemctl enable docker
sudo docker -v

1.4 Install Docker-Compose

One-step install command

wget https://github.com/docker/compose/releases/download/v2.0.1/docker-compose-linux-x86_64 -O /usr/bin/docker-compose && chmod +x /usr/bin/docker-compose

1.5 Configure the docker-compose.yml file

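  • Change the hostname to mail.your-domain.xxx
    • Command to change the hostname:
      hostnamectl set-hostname mail.your-domain.xxx
      
  • Then run hostname; it prints the following
    [root@mail mailu]# hostname
    mail.your-domain.xxx
    
  • Run sudo mkdir -p /mailu && cd /mailu
  • Be sure to replace every IP address in the file (docker-compose.yml contains no domain names, so replacing the IP address is enough)
  • Vim search-and-replace commands:
    • Type :%s/123.123.123.123/your-IP-address/
    • Press Enter
    • Type :wq
    • Press Enter
  • Save the code below as docker-compose.yml
  • This is a minimal install: no webmail and no admin panel (the server is too low-end, so this saves memory!)
  • You can also generate a tailored file at https://setup.mailu.io/, which is convenient too, but I doubt you would manage it; if you could, you probably would not be reading this. Since you have read this far, I suggest you just copy this one. It works, and that is what matters.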
version: '2.2'

services:
  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "/mailu/redis:/data"
  front:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    logging:
      driver: json-file
    ports:
      - "123.123.123.123:80:80"
      - "::1:80:80"
      - "123.123.123.123:443:443"
      - "::1:443:443"
      - "123.123.123.123:25:25"
      - "::1:25:25"
      - "123.123.123.123:465:465"
      - "::1:465:465"
      - "123.123.123.123:587:587"
      - "::1:587:587"
      - "123.123.123.123:110:110"
      - "::1:110:110"
      - "123.123.123.123:995:995"
      - "::1:995:995"
      - "123.123.123.123:143:143"
      - "::1:143:143"
      - "123.123.123.123:993:993"
      - "::1:993:993"
    volumes:
      - "/mailu/certs:/certs"
      - "/mailu/overrides/nginx:/overrides:ro"
  admin:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    ports:
      - 127.0.0.1:8080:80
    volumes:
      - "/mailu/data:/data"
      - "/mailu/dkim:/dkim"
    depends_on:
      - redis

  imap:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    volumes:
      - "/mailu/mail:/mail"
      - "/mailu/overrides/dovecot:/overrides:ro"
    depends_on:
      - front
  smtp:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    volumes:
      - "/mailu/mailqueue:/queue"
      - "/mailu/overrides/postfix:/overrides:ro"
    depends_on:
      - front
  antispam:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8}
    hostname: antispam
    restart: always
    env_file: mailu.env
    volumes:
      - "/mailu/filter:/var/lib/rspamd"
      - "/mailu/dkim:/dkim:ro"
      - "/mailu/overrides/rspamd:/etc/rspamd/override.d:ro"
    depends_on:
      - front


networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.203.0/24

1.6 Configure the mailu.env file

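  • Save the code below to /mailu/mailu.env (get the path exactly right!)
  • Change every fuk.cn to your own root domain
  • Edit it the same way as above: vi mailu.env
  • Vim search-and-replace commands:
    • Type :%s/fuk\.cn/your-domain.xxx/g
    • Press Enter
    • Type :wq
    • Press Enter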
SECRET_KEY=H3E3II17498CSD6J
SUBNET=192.168.203.0/24
DOMAIN=fuk.cn
HOSTNAMES=mail.fuk.cn
POSTMASTER=admin
TLS_FLAVOR=letsencrypt
AUTH_RATELIMIT=10000/minute
DISABLE_STATISTICS=True
ADMIN=false
WEBMAIL=none
WEBDAV=none
ANTIVIRUS=none
MESSAGE_SIZE_LIMIT=50000000
RELAYNETS=
RELAYHOST=
FETCHMAIL_DELAY=600
RECIPIENT_DELIMITER=+
DMARC_RUA=admin
DMARC_RUF=admin
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
COMPRESSION=
COMPRESSION_LEVEL=
WEBROOT_REDIRECT=/webmail
WEB_ADMIN=/admin
WEB_WEBMAIL=/webmail
SITENAME=Mailu
WEBSITE=https://mail.fuk.cn
COMPOSE_PROJECT_NAME=mailu
PASSWORD_SCHEME=PBKDF2
REAL_IP_HEADER=
REAL_IP_FROM=
REJECT_UNLISTED_RECIPIENT=
LOG_LEVEL=WARNING
DB_FLAVOR=sqlite
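
An added audit script (not part of the original post or of Mailu) for a mailu.env copied from the listing above: it flags the published SECRET_KEY, which Mailu's documentation says must be a random 16-byte value unique to each setup, an oversized AUTH_RATELIMIT, and a world-readable file. The threshold of 100 and all function names are assumptions of this example.

```shell
# Added example: audit a mailu.env copied from a public guide.
PUBLISHED_KEY=H3E3II17498CSD6J   # SECRET_KEY printed in the listing above
MAX_AUTH_COUNT=100               # assumed ceiling for the first AUTH_RATELIMIT count

# env_get FILE KEY: value of the last "KEY=" line in FILE
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# new_secret_key: 16 random characters from [A-Z0-9]
new_secret_key() { head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Z0-9' | head -c 16; }

# audit_mailu_env FILE: print one finding per line; status 1 if any were found
audit_mailu_env() (
  file=$1; findings=0
  flag() { echo "$file: $1"; findings=$((findings + 1)); }

  key=$(env_get "$file" SECRET_KEY)
  if [ "$key" = "$PUBLISHED_KEY" ]; then
    flag "SECRET_KEY is the published sample value; generate your own"
  elif [ "${#key}" -ne 16 ]; then
    flag "SECRET_KEY should be 16 random characters, found ${#key}"
  fi

  # AUTH_RATELIMIT is "<count>/<period>"; it caps authentication attempts per client IP
  limit=$(env_get "$file" AUTH_RATELIMIT)
  count=${limit%%/*}
  case $count in
    ''|*[!0-9]*) flag "AUTH_RATELIMIT is missing or malformed: '$limit'" ;;
    *) if [ "$count" -gt "$MAX_AUTH_COUNT" ]; then
         flag "AUTH_RATELIMIT=$limit does little to slow password guessing"
       fi ;;
  esac

  # The file holds SECRET_KEY, so other local users should not be able to read it
  if [ -n "$(find "$file" -perm -004 -print)" ]; then
    flag "file is world-readable; run chmod 600"
  fi

  [ "$findings" -eq 0 ]
)

# Constructed sample: the two risky lines as they appear in the listing above
sample=$(mktemp)
printf 'SECRET_KEY=%s\nAUTH_RATELIMIT=10000/minute\n' "$PUBLISHED_KEY" >"$sample"
audit_mailu_env "$sample" || echo "fix the findings above, e.g. SECRET_KEY=$(new_secret_key)"
rm -f "$sample"
```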

1.7 Start the server and final SMTP settings

  • Run docker-compose up -d to start the Mailu server
  • On success you will see the following output:
    [root@mail mailu]# docker-compose up -d
    Creating network "mailu_default" with driver "bridge"
    Creating mailu_redis_1 ... done
    Creating mailu_front_1 ... done
    Creating mailu_smtp_1     ... done
    Creating mailu_imap_1     ... done
    Creating mailu_antispam_1 ... done
    Creating mailu_admin_1    ... done
    [root@mail mailu]# 
    
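  • Create a default user:
    docker-compose -p mailu exec admin flask mailu admin admin fuk.cn mailbox-password
    
  • Mail client settings (SMTP):
    Account type: IMAP
    Incoming server: mail.your-domain.xxx   SSL=√    Port: 993
    Outgoing server: mail.your-domain.xxx   SSL=√    Port: 465
    Account: admin@your-domain.xxx
    Password: the mailbox password you set when creating the account above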
    

 

 


Comments: 2

  1. #-19

    Awesome, I'm the real noob here

    rkz, 1 week ago (10-13)
    • You're too modest

      kingly, 1 week ago (10-14)