
category: prog, direction: mail, group: postfix

MailServer

установить почтовый сервер ubuntu

postfix

источник: Установка и настройка Postfix в Ubuntu 20.04
The Postfix Home Page

ключи: #mailserver #email



Ключи: #mail

основная идея:
Postfix + Dovecot + Roundcube

Дополнительно:
+ SpamAssassin

Как вариант: iRedMail
но воспользуемся основной идеей.

Внимание!!!
Данные записи не являются исчерпывающей инструкцией!!!

Во время использования,
нужно сравнивать с настройками своей системы
и вносить только нужные изменения,
в соответствии со своей структурой директорий.
Внимание!!!
Требуется опыт в настройке системы!!!
Не для новичков.

Как установить Postfix с Roundcube Webmail на Ubuntu и Debian

sudo apt install dovecot-imapd dovecot-pop3d

DKIM

How To Install and Configure DKIM with Postfix on Debian Wheezy (March 1, 2014)

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install opendkim opendkim-tools

sudo nano /etc/opendkim.conf

add to /etc/opendkim.conf

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost

How to setup OpenDKIM with Postfix on Ubuntu / Debian (November 20, 2023)
A list of all supported configuration options, along with a brief description of each, can be found here:
http://www.opendkim.org/opendkim.conf.5.html

nano /etc/opendkim.conf

add the following statements to the end:

# Our OpenDKIM config statements

# Log to syslog
Syslog                  yes
SyslogSuccess           yes
LogWhy                  yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
# UMask                   002

Mode                    sv
# PidFile                 /var/run/opendkim/opendkim.pid
UserID                  opendkim:opendkim
Socket                  inet:12301@localhost

Canonicalization        relaxed/relaxed
SignatureAlgorithm      rsa-sha256

# Sign for example.com with key in /etc/opendkim.d/mail.private using
# selector 'mail' (e.g. mail._domainkey.example.com)
# Domain                  example.com
# KeyFile                 /etc/opendkim.d/mail.private
# Selector                mail

ExternalIgnoreList      refile:/etc/opendkim.d/TrustedHosts
InternalHosts           refile:/etc/opendkim.d/TrustedHosts

# KeyTable must not use the refile: prefix, or you get an error

KeyTable                /etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable



################
Socket                  inet:8892@localhost

ExternalIgnoreList      refile:/etc/dkimkeys/TrustedHosts
InternalHosts           refile:/etc/dkimkeys/TrustedHosts

# Unlike the variant above, KeyTable keeps the refile: prefix here; if opendkim logs a KeyTable error on restart, drop the prefix

KeyTable                refile:/etc/dkimkeys/KeyTable
SigningTable            refile:/etc/dkimkeys/SigningTable

v2:

AutoRestart             Yes
AutoRestartRate         10/1h
UMask                   002
Syslog                  yes
SyslogSuccess           Yes
LogWhy                  Yes

Canonicalization        relaxed/simple

ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
InternalHosts           refile:/etc/opendkim/TrustedHosts
KeyTable                refile:/etc/opendkim/KeyTable
SigningTable            refile:/etc/opendkim/SigningTable

Mode                    sv
PidFile                 /var/run/opendkim/opendkim.pid
SignatureAlgorithm      rsa-sha256

UserID                  opendkim:opendkim

Socket                  inet:12301@localhost
cd /etc/opendkim/
mkdir example.com
chown opendkim:opendkim example.com/
chown opendkim:opendkim *
chown opendkim:opendkim example.com/*

nano TrustedHosts
127.0.0.1
::1
localhost

#*.example.com
#*.example.net
#*.example.org

pwd
# /etc/dkimkeys/example.com
nano KeyTable
mail._domainkey.example.com example.com:mail:/etc/dkimkeys/example.com/mail.private

#mail._domainkey.example.com example.com:mail:/etc/opendkim/keys/example.com/mail.private

#mail._domainkey.example.net example.net:mail:/etc/opendkim/keys/example.net/mail.private
#mail._domainkey.example.org example.org:mail:/etc/opendkim/keys/example.org/mail.private

nano SigningTable
*@example.com mail._domainkey.example.com
#*@example.net mail._domainkey.example.net
#*@example.org mail._domainkey.example.org


opendkim-testkey
# http://www.opendkim.org/docs.html
sudo nano /etc/default/opendkim
...
SOCKET="inet:8892@localhost"

opendkim-testkey
systemctl restart opendkim
netstat -nltp | grep opendkim
ps aux | grep dkim
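Postfix configuration (conf postfix)
Note: the milter port used here (8892) must match the Socket setting actually in effect for opendkim; the opendkim.conf variants above use both 12301 and 8892. With milter_default_action = accept, Postfix still delivers mail when the milter is unreachable, so a port mismatch shows up only as unsigned outgoing mail. Check the mail log and the DKIM-Signature header of a test message.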
sudo nano /etc/postfix/main.cf

milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892

postconf 
postconf milter_protocol=2
postconf milter_default_action=accept
postconf smtpd_milters=inet:localhost:8892
postconf non_smtpd_milters=inet:localhost:8892
Generate keys
cd /etc/opendkim/
cd homdy.ru

# v1:
sudo opendkim-genkey -s mail -d example.com
chown opendkim:opendkim mail.private

# v2:
# opendkim-genkey -v -b 2048 -d example.com -D /etc/opendkim/keys/example.com -s mail
opendkim-genkey -v -b 2048 -d homdy.ru -D /etc/dkimkeys/homdy.ru -s mail
opendkim-genkey -v -b 2048 -d clientorganizer.ru -D /etc/dkimkeys/clientorganizer.ru -s mail
chown opendkim:opendkim homdy.ru/*
chown opendkim:opendkim clientorganizer.ru/*

Note very carefully the domain name followed by the selector in each KeyTable entry. If you miss the selector, it will not work. The format of each KeyTable line is:

KeyID DomainName:Selector:FullPathToPrivateKey

service postfix restart
service opendkim restart

systemctl restart postfix
systemctl restart opendkim
DNS DKIM text
root@homdy:/etc/dkimkeys# cat clientorganizer.ru/mail.txt 
mail._domainkey IN  TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=MIIB...V7xc"
      "M4qOfEp...2owIDAQAB" )  ; ----- DKIM key mail for clientorganizer.ru
root@homdy:/etc/dkimkeys# 
root@homdy:/etc/dkimkeys# 
root@homdy:/etc/dkimkeys# 
root@homdy:/etc/dkimkeys# cat homdy.ru/mail.txt 
mail._domainkey IN  TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=MIIBI...6DW1e"
      "BUd4tY...
DNS DKIM clear
clientorganizer.ru
mail._domainkey
v=DKIM1; h=sha256; k=rsa; p=MIIBI...owIDAQAB

homdy.ru
mail._domainkey
v=DKIM1; h=sha256; k=rsa; p=MIIBIj...iYQIDAQAB
Check dkim dns records
# dig +short TXT mail._domainkey.example.com
dig +short TXT mail._domainkey.example.ru
Send test mail
free | mailx -a 'From:RealName<admin@example.com>' -r "admin@example.com" -s "Free memory on server" example@gmail.com

free | mailx -a 'From:RealName<admin@example.com>' -r "admin@example.com" -s "Free memory on server" example@gmail.com

unzip .gz, .tar.gz
gzip -dk file.gz
tar -xf archive.tar.gz


Полноценный почтовый сервер на Ubuntu Server
