Install Postfix and Dovecot
sudo apt update
sudo apt install postfix dovecot-core dovecot-imapd dovecot-lmtpd dovecot-pop3d -y
Configuration type: choose Internet Site
System mail name: enter researchranked.eu.org
DNS records required for mail
| Type | Host record | Value | Description |
| --- | --- | --- | --- |
| A | mail | Your server's public IP | Points mail.researchranked.eu.org to your server |
| MX | @ | mail.researchranked.eu.org, priority 10 | Sets the receiving mail server for researchranked.eu.org |
| TXT | @ | v=spf1 mx ~all | SPF record; allows the MX servers to send mail |
| TXT | _dmarc | v=DMARC1; p=none; rua=mailto:postmaster@researchranked.eu.org | DMARC policy |
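The SPF and DMARC values in the table decide how receivers treat mail that fails authentication: `~all` is a softfail and `p=none` only requests reports. The shell functions below are an added example, not part of the original notes; the function names are illustrative, and the record strings are passed as arguments so no DNS lookup is made.

```shell
# Added example: classify the SPF and DMARC TXT values from the table above.
# On a live system the strings would come from `dig TXT <name> +short`.

# spf_all_qualifier RECORD -> fail | softfail | neutral | pass | missing
spf_all_qualifier() {
    case " $1 " in
        *" -all "*)            echo fail ;;
        *" ~all "*)            echo softfail ;;
        *" ?all "*)            echo neutral ;;
        *" +all "*|*" all "*)  echo pass ;;
        *)                     echo missing ;;
    esac
}

# dmarc_tag RECORD TAG -> value of one tag (for example p or rua)
dmarc_tag() {
    printf '%s\n' "$1" | tr ';' '\n' | sed 's/^ *//; s/ *$//' |
        awk -F= -v t="$2" '$1 == t { sub(/^[^=]*=/, ""); print; exit }'
}

# mail_policy_summary SPF_RECORD DMARC_RECORD -> one line for a reviewer
mail_policy_summary() {
    spf=$(spf_all_qualifier "$1")
    p=$(dmarc_tag "$2" p)
    case "$p" in
        none)              enforce="monitor-only" ;;
        quarantine|reject) enforce="enforced" ;;
        *)                 enforce="invalid" ;;
    esac
    echo "spf=$spf dmarc=${p:-missing} ($enforce)"
}

# Record values copied from the DNS table on this page
mail_policy_summary "v=spf1 mx ~all" \
    "v=DMARC1; p=none; rua=mailto:postmaster@researchranked.eu.org"
```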
Configure TLS correctly on Postfix for secure sending
Confirm the hostname
hostnamectl set-hostname mail.researchranked.eu.org
Test:
dig MX researchranked.eu.org +short
dig A mail.researchranked.eu.org +short
These should return `mail.researchranked.eu.org` and the server IP.
Request a Let's Encrypt certificate
sudo apt install certbot
sudo certbot certonly --manual --preferred-challenges dns -d mail.researchranked.eu.org
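Certbot will ask you to add a TXT record in your domain management panel.
After adding it, press Enter to continue; once validation passes you receive the certificate.
Postfix configuration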
vi /etc/postfix/main.cf
myhostname = mail.researchranked.eu.org
mydomain = researchranked.eu.org
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = localhost
# For sending
relayhost =
# TLS security settings
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.researchranked.eu.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.researchranked.eu.org/privkey.pem
smtpd_use_tls=yes
smtp_tls_security_level=may
smtp_tls_loglevel=1
# Only allow applications on this host to send
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Default sender address
smtp_generic_maps = hash:/etc/postfix/generic
Create /etc/postfix/generic:
root@mail.researchranked.eu.org service@researchranked.eu.org www-data@mail.researchranked.eu.org
Generate the database file:
sudo postmap /etc/postfix/generic
sudo systemctl restart postfix
Test sending
sudo apt update
sudo apt install -y mailutils
echo "Hello World" | mail -s "Test from VPS" zjnlive@gmail.com
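Sending failed. Checking with `sudo tail -n 50 /var/log/mail.log` confirmed that this was because port 25 is blocked.
Use an SMTP relay
Since port 25 is blocked, switch to port 587 (the Submission port) and have Postfix relay mail through an external SMTP service (such as Gmail, SendGrid, Mailgun, or Amazon SES).
Edit /etc/postfix/main.cf: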
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_security_level = encrypt
Edit /etc/postfix/sasl_passwd:
[smtp.gmail.com]:587 zjnlive@gmail.com:your_app_password
your_app_password is the 16-character app password generated under Google Account → Security → App passwords (the account login password cannot be used).
Then run:
sudo postmap /etc/postfix/sasl_passwd
sudo chmod 600 /etc/postfix/sasl_passwd*
sudo systemctl restart postfix
Test again; sending succeeds.
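After the relay settings are appended, main.cf contains `smtp_tls_security_level` twice (`may` from the TLS section, `encrypt` from the relay section), and Postfix uses the last assignment. The following is an added example, not from the original notes, that reports repeated parameters and checks that the relay credentials are only sent over mandatory TLS; the function names and the sample file are constructed for illustration.

```shell
# Added example: audit a Postfix main.cf for repeated parameters.
# Postfix keeps the LAST assignment of a parameter, so an earlier
# "smtp_tls_security_level=may" is overridden by a later "= encrypt".

# effective_value FILE PARAM -> value Postfix would use (last one wins)
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]/ || !/=/ { next }   # comments, continuations
        { key = $0; sub(/[ \t]*=.*/, "", key)
          val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
          if (key == want) last = val }
        END { print last }' "$1"
}

# duplicate_params FILE -> each parameter assigned more than once
duplicate_params() {
    awk '/^[ \t]*#/ || /^[ \t]/ || !/=/ { next }
         { key = $0; sub(/[ \t]*=.*/, "", key)
           if (++seen[key] == 2) print key }' "$1"
}

# relay_tls_ok FILE -> success unless SASL credentials could be sent
# over a connection where TLS is only optional
relay_tls_ok() {
    [ "$(effective_value "$1" smtp_sasl_auth_enable)" = yes ] || return 0
    case "$(effective_value "$1" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the TLS and relay lines from this page, in file order
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TLS
smtp_tls_security_level=may
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_tls_security_level = encrypt
EOF

echo "repeated:  $(duplicate_params "$sample")"
echo "effective: $(effective_value "$sample" smtp_tls_security_level)"
relay_tls_ok "$sample" && echo "relay TLS: mandatory"
```

On a running host, `postconf -n` prints the values Postfix actually uses and warns about overridden entries.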
Create the virtual mailbox user
sudo mkdir -p /var/mail/vhosts/researchranked.eu.org/service
sudo -u dovecot doveadm maildir create -u service@researchranked.eu.org
sudo groupadd -g 5000 vmail
sudo useradd -g vmail -u 5000 vmail -d /var/mail/vhosts -m
sudo chown -R vmail:vmail /var/mail/vhosts
vi /etc/postfix/main.cf
myhostname = mail.researchranked.eu.org
mydomain = researchranked.eu.org
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
# For sending
relayhost = [smtp.gmail.com]:587
# TLS security settings
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.researchranked.eu.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.researchranked.eu.org/privkey.pem
smtpd_use_tls=yes
smtp_tls_loglevel=1
# Only allow applications on this host to send
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_use_tls = yes
smtp_tls_security_level = encrypt
# Default sender address
smtp_generic_maps = hash:/etc/postfix/generic
# No delivery to system users; use virtual mailboxes only
mydestination = $myhostname, localhost.$mydomain, localhost
# Virtual mailbox domain and user mapping
virtual_mailbox_domains = researchranked.eu.org
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
# Virtual mailbox user
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
vi /etc/postfix/vmailbox
service@researchranked.eu.org researchranked.eu.org/service/
Generate the database file:
sudo postmap /etc/postfix/vmailbox
Then restart Postfix:
sudo systemctl restart postfix
Dovecot configuration
vi /etc/dovecot/dovecot.conf
protocols = imap pop3
disable_plaintext_auth = no
auth_mechanisms = plain
ssl_cert = </etc/letsencrypt/live/mail.researchranked.eu.org/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.researchranked.eu.org/privkey.pem
vi /etc/dovecot/conf.d/10-mail.conf
protocols = imap pop3 lmtp
mail_location = maildir:/var/mail/vhosts/%d/%n
vi /etc/dovecot/conf.d/10-auth.conf (modify and add):
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include auth-passwdfile.conf.ext
vi /etc/dovecot/conf.d/auth-passwdfile.conf.ext
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwd
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/vhosts/researchranked.eu.org/service
}
Use the `doveadm pw` tool to generate the hashed password. This tool is part of the Dovecot package.
doveadm pw -s SHA512-CRYPT
Enter the password
Copy the generated password hash
Add the mailbox user's password
vi /etc/dovecot/passwd
service@researchranked.eu.org:{SHA512-CRYPT}$6$qjjlicCXlcUjxroR$ZOGEy//tTEgz4CEggXsEc0sVFuXEurSVRR9dkFZT0W5mqJi52e5KTUwm6mw/UIUwh.ks/Bt4D9xU/j89coW4h/
Run
sudo usermod -aG dovecot vmail
sudo chown vmail:dovecot /etc/dovecot/passwd
sudo chmod 640 /etc/dovecot/passwd
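The passdb block sets `scheme=SHA512-CRYPT` as the default, but each line of the passwd-file can override it with its own `{SCHEME}` prefix. The function below is an added example, not part of the original notes, that lists entries stored with anything other than a salted, iterated hash; the function name, the allow-list and the sample entries are constructed for illustration.

```shell
# Added example: flag weak password schemes in a Dovecot passwd-file.

# weak_passwd_entries FILE [DEFAULT_SCHEME] -> "user SCHEME" per weak entry
# Entries without a {SCHEME} prefix use DEFAULT_SCHEME, matching the
# scheme= argument of the passdb block (SHA512-CRYPT on this page).
weak_passwd_entries() {
    awk -F: -v def="${2:-SHA512-CRYPT}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            scheme = def
            if (match($2, /^[{][^}]+[}]/))       # explicit {SCHEME} prefix
                scheme = toupper(substr($2, 2, RLENGTH - 2))
            if (scheme !~ /^(SHA512-CRYPT|SHA256-CRYPT|BLF-CRYPT|ARGON2ID?|PBKDF2)$/)
                print $1, scheme
        }' "$1"
}

# Constructed sample entries (placeholder salts and hashes, not real ones)
passwd_sample=$(mktemp)
cat > "$passwd_sample" <<'EOF'
service@researchranked.eu.org:{SHA512-CRYPT}$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
legacy@example.org:{PLAIN}constructed-password
old@example.org:{MD5-CRYPT}$1$CONSTRUCTED$CONSTRUCTEDHASH
noprefix@example.org:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH
EOF

weak_passwd_entries "$passwd_sample"
```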
Have Postfix deliver through `dovecot-lda` or `dovecot-lmtp`, so that the mail path is controlled entirely by Dovecot.
Add to `/etc/postfix/master.cf`:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
Then set in `/etc/postfix/main.cf`:
virtual_transport = dovecot
Add the Postfix user to the Dovecot group
sudo usermod -aG dovecot postfix
systemctl restart dovecot postfix
Forward system mail (root/postmaster) to the virtual mailbox. Edit /etc/aliases:
postmaster: service@researchranked.eu.org
root: service@researchranked.eu.org
Run
newaliases
systemctl restart postfix
sudo chown -R dovecot:dovecot /run/dovecot
sudo chmod -R 750 /run/dovecot
Make sure Dovecot SASL is supported.
vi /etc/dovecot/conf.d/10-master.conf (partial changes):
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service submission-login {
  inet_listener submission {
    port = 587
  }
}
service auth {
  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
  user = dovecot
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0660
    user = postfix
    group = postfix
  }
}
service stats {
  unix_listener stats-writer {
    mode = 0660
    user = dovecot
    group = vmail
  }
}
Restart Dovecot:
sudo systemctl restart dovecot
Test IMAP
telnet researchranked.eu.org 143
Test POP3
telnet researchranked.eu.org 110
If the connection succeeds, the Dovecot service is working.
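Enable the Submission port
Edit Postfix's `/etc/postfix/master.cf` and find or add the following section (adding it at the end of the file is usually enough):
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
Restart Postfix
systemctl restart postfix
Check the listener
ss -tlnp | grep :587
You should see the master process listening on 587.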
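Configure Gmail to fetch the mail
If you use a free personal Gmail account, you can use the "Check mail from other accounts" feature:
Sign in to Gmail
Settings → Accounts and Import → "Check mail from other accounts (using POP3)"
Add an account:
Email address: service@researchranked.eu.org
POP server: mail.researchranked.eu.org
Port: 995
Username: service@researchranked.eu.org
Password: (your mailbox password)
Use SSL: ✅
⚠️ Uncheck "Leave a copy of retrieved message on the server"
Gmail will then automatically delete the mail files on the VPS after retrieving them.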
Firewall
sudo ufw allow 587/tcp # Submission
sudo ufw allow 993/tcp # IMAPS
sudo ufw allow 995/tcp # POP3S
sudo ufw allow 25/tcp
Test sending
echo "This is a test mail" | mail -s "Hello Postfix" myemail@gmail.com