Maddy #
Maddy 是 Golang 写的易于配置的邮箱收发服务器,集成了 IMAP 和 SMTP 以及 DKIM ,十分方便。本文将介绍在 Arch Linux 用 Maddy 部署邮箱服务器。
安装 #
yay -S maddy
我使用 sqlite
sudo pacman -S sqlite
配置文件 #
Maddy 配置 #
vim /etc/maddy/maddy.conf
内容如下
## Maddy Mail Server - default configuration file (2021-08-16)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.
# ----------------------------------------------------------------------------
# Base variables
$(hostname) = malacology.net
$(primary_domain) = malacology.net
$(local_domains) = $(primary_domain)
#tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
tls file /etc/letsencrypt/live/$(local_domains)/fullchain.pem /etc/letsencrypt/live/$(local_domains)/privkey.pem
# ----------------------------------------------------------------------------
# Local storage & authentication
# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.
auth.pass_table local_authdb {
table sql_table {
driver sqlite3
dsn credentials.db
table_name passwords
}
}
# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddyctl utility.
storage.imapsql local_mailboxes {
driver sqlite3
dsn imapsql.db
}
# ----------------------------------------------------------------------------
# SMTP endpoints + message routing
hostname $(hostname)
table.chain local_rewrites {
optional_step regexp "(.+)\+(.+)@(.+)" "[email protected]$3"
optional_step static {
entry postmaster [email protected]$(primary_domain)
}
optional_step file /etc/maddy/aliases
}
msgpipeline local_routing {
# Insert handling for special-purpose local domains here.
# e.g.
# destination lists.example.org {
# deliver_to lmtp tcp://127.0.0.1:8024
# }
destination postmaster $(local_domains) {
modify {
replace_rcpt &local_rewrites
}
deliver_to &local_mailboxes
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
smtp tcp://0.0.0.0:25 {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections.
all rate 20 1s
all concurrency 10
}
dmarc yes
check {
require_mx_record
dkim
spf
}
source $(local_domains) {
reject 501 5.1.8 "Use Submission for outgoing SMTP"
}
default_source {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.1.1 "User doesn't exist"
}
}
}
submission tls://[::]:465 {
#submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
limits {
# Up to 50 msgs/sec across any amount of SMTP connections.
all rate 50 1s
}
auth &local_authdb
source $(local_domains) {
check {
authorize_sender {
prepare_email &local_rewrites
user_to_email identity
}
}
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
modify {
dkim $(primary_domain) $(local_domains) default
}
deliver_to &remote_queue
}
}
default_source {
reject 501 5.1.8 "Non-local sender domain"
}
}
target.remote outbound_delivery {
limits {
# Up to 20 msgs/sec across max. 10 SMTP connections
# for each recipient domain.
destination rate 20 1s
destination concurrency 10
}
mx_auth {
dane
mtasts {
cache fs
fs_dir mtasts_cache/
}
local_policy {
min_tls_level none
min_mx_level none
}
}
}
target.queue remote_queue {
target &outbound_delivery
autogenerated_msg_domain $(primary_domain)
bounce {
destination postmaster $(local_domains) {
deliver_to &local_routing
}
default_destination {
reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
}
}
}
# ----------------------------------------------------------------------------
# IMAP endpoints
imap tls://[::]:993 {
#imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
auth &local_authdb
storage &local_mailboxes
}
主要修改 min_tls_level 为 none 为了 office365/outlook 通讯。还有hostname primary_domain 以及 tls 文件位置
信件存储在 /var/lib/maddy/messages sqlite 存储在 /var/lib/maddy/
systemd 配置 #
vim /usr/lib/systemd/system/maddy.service
可以修改成你需要的
User=root
Group=root
之后
systemctl enable maddy
systemctl start maddy
用户配置 #
$ maddyctl creds create/password <[email protected]> --password <YourPassword> #创建用户/更改用户密码
$ maddyctl creds create #删除用户
$ maddyctl creds list # 查看你刚创建的用户名
$ maddyctl imap-acct create/remove <[email protected]> # 创建/删除一个邮件储存账户
$ maddyctl imap-acct list # 查看刚创建的 imap 储存账户
$ maddyctl imap-mboxes list <[email protected]> # 可以看到该账户下有哪些分类
$ maddyctl imap-msgs list <[email protected]> <INBOX> # 可以查看当前账户对应分类接收到的邮件,一般收件在 INBOX 中
端口 #
以下端口需要开放
- 25:通信
- 465: SMTP
- 993: IMAP
解析 #
A 记录 #
- type: A
- host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
- value: IP
MX 记录 #
- type: MX
- host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
- value: domain
送信优化 #
DKIM #
在 /var/lib/maddy/dkim_keys 下的 .dns 文件存在,文件内容即是 DKIM 解析
添加解析
- type: TXT
- host: default._domainkey
- value: .dns 内容
SPF #
添加解析
- type: TXT
- host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
- value: v=spf1 mx ~all
收信优化 #
DMARC #
- type: TXT
- host: _dmarc
- value: v=DMARC1; p=quarantine;
p 可以为 none quarantine reject 分别 接受不处理、接受并处理、拒绝 没经过 DMARC 检验的邮件