maddy

Maddy #

Maddy 是 Golang 写的易于配置的邮箱收发服务器,集成了 IMAP 和 SMTP 以及 DKIM ,十分方便。本文将介绍在 Arch Linux 用 Maddy 部署邮箱服务器。

安装 #

yay -S maddy

我使用 sqlite

sudo pacman -S sqlite

配置文件 #

Maddy 配置 #

vim /etc/maddy/maddy.conf

内容如下

## Maddy Mail Server - default configuration file (2021-08-16)
# Suitable for small-scale deployments. Uses its own format for local users DB,
# should be managed via maddyctl utility.
#
# See tutorials at https://maddy.email for guidance on typical
# configuration changes.
#
# See manual pages (also available at https://maddy.email) for reference
# documentation.

# ----------------------------------------------------------------------------
# Base variables

$(hostname) = malacology.net
$(primary_domain) = malacology.net
$(local_domains) = $(primary_domain)

#tls file /etc/maddy/certs/$(hostname)/fullchain.pem /etc/maddy/certs/$(hostname)/privkey.pem
tls file /etc/letsencrypt/live/$(local_domains)/fullchain.pem /etc/letsencrypt/live/$(local_domains)/privkey.pem
# ----------------------------------------------------------------------------
# Local storage & authentication

# pass_table provides local hashed passwords storage for authentication of
# users. It can be configured to use any "table" module, in default
# configuration a table in SQLite DB is used.
# Table can be replaced to use e.g. a file for passwords. Or pass_table module
# can be replaced altogether to use some external source of credentials (e.g.
# PAM, /etc/shadow file).
#
# If table module supports it (sql_table does) - credentials can be managed
# using 'maddyctl creds' command.

auth.pass_table local_authdb {
    table sql_table {
        driver sqlite3
        dsn credentials.db
        table_name passwords
    }
}

# imapsql module stores all indexes and metadata necessary for IMAP using a
# relational database. It is used by IMAP endpoint for mailbox access and
# also by SMTP & Submission endpoints for delivery of local messages.
#
# IMAP accounts, mailboxes and all message metadata can be inspected using
# imap-* subcommands of maddyctl utility.

storage.imapsql local_mailboxes {
    driver sqlite3
    dsn imapsql.db
}

# ----------------------------------------------------------------------------
# SMTP endpoints + message routing

hostname $(hostname)

table.chain local_rewrites {
    optional_step regexp "(.+)\+(.+)@(.+)" "[email protected]$3"
    optional_step static {
        entry postmaster [email protected]$(primary_domain)
    }
    optional_step file /etc/maddy/aliases
}

msgpipeline local_routing {
    # Insert handling for special-purpose local domains here.
    # e.g.
    # destination lists.example.org {
    #     deliver_to lmtp tcp://127.0.0.1:8024
    # }

    destination postmaster $(local_domains) {
        modify {
            replace_rcpt &local_rewrites
        }

        deliver_to &local_mailboxes
    }

    default_destination {
        reject 550 5.1.1 "User doesn't exist"
    }
}

smtp tcp://0.0.0.0:25 {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections.
        all rate 20 1s
        all concurrency 10
    }

    dmarc yes
    check {
        require_mx_record
        dkim
        spf
    }

    source $(local_domains) {
        reject 501 5.1.8 "Use Submission for outgoing SMTP"
    }
    default_source {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.1.1 "User doesn't exist"
        }
    }
}
submission tls://[::]:465 {
#submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
    limits {
        # Up to 50 msgs/sec across any amount of SMTP connections.
        all rate 50 1s
    }

    auth &local_authdb

    source $(local_domains) {
        check {
            authorize_sender {
                prepare_email &local_rewrites
                user_to_email identity
            }
        }

        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            modify {
                dkim $(primary_domain) $(local_domains) default
            }
            deliver_to &remote_queue
        }
    }
    default_source {
        reject 501 5.1.8 "Non-local sender domain"
    }
}

target.remote outbound_delivery {
    limits {
        # Up to 20 msgs/sec across max. 10 SMTP connections
        # for each recipient domain.
        destination rate 20 1s
        destination concurrency 10
    }
    mx_auth {
        dane
        mtasts {
            cache fs
            fs_dir mtasts_cache/
        }
        local_policy {
            min_tls_level none
            min_mx_level none
        }
    }
}

target.queue remote_queue {
    target &outbound_delivery

    autogenerated_msg_domain $(primary_domain)
    bounce {
        destination postmaster $(local_domains) {
            deliver_to &local_routing
        }
        default_destination {
            reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
        }
    }
}

# ----------------------------------------------------------------------------
# IMAP endpoints
imap tls://[::]:993 {
#imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
    auth &local_authdb
    storage &local_mailboxes
}

主要修改 min_tls_levelnone 为了 office365/outlook 通讯。还有hostname primary_domain 以及 tls 文件位置

信件存储在 /var/lib/maddy/messages sqlite 存储在 /var/lib/maddy/

systemd 配置 #

vim /usr/lib/systemd/system/maddy.service

可以修改成你需要的

User=root
Group=root

之后

systemctl enable maddy
systemctl start maddy

用户配置 #

$ maddyctl creds create/password <[email protected]> --password <YourPassword> #创建用户/更改用户密码
$ maddyctl creds create #删除用户
$ maddyctl creds list # 查看你刚创建的用户名

$ maddyctl imap-acct create/remove <[email protected]> # 创建/删除一个邮件储存账户
$ maddyctl imap-acct list # 查看刚创建的 imap 储存账户

$ maddyctl imap-mboxes list <[email protected]> # 可以看到该账户下有哪些分类
$ maddyctl imap-msgs list <[email protected]> <INBOX> # 可以查看当前账户对应分类接收到的邮件,一般收件在 INBOX 中

端口 #

以下端口需要开放

  • 25:通信
  • 465: SMTP
  • 993: IMAP

解析 #

A 记录 #

  • type: A
  • host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
  • value: IP

MX 记录 #

  • type: MX
  • host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
  • value: domain

送信优化 #

DKIM #

/var/lib/maddy/dkim_keys 下的 .dns 文件存在,文件内容即是 DKIM 解析

添加解析

  • type: TXT
  • host: default._domainkey
  • value: .dns 内容

SPF #

添加解析

  • type: TXT
  • host: 根据你的 domain,二级域名填写二级域名的名称,一级域名空或者@/*
  • value: v=spf1 mx ~all

收信优化 #

DMARC #

  • type: TXT
  • host: _dmarc
  • value: v=DMARC1; p=quarantine;

p 可以为 none quarantine reject 分别 接受不处理、接受并处理、拒绝 没经过 DMARC 检验的邮件