Configure the server firewall

Open ports 25, 143 (IMAP4 STARTTLS), 993 (IMAP4), 465 (ESMTP), and 587 (ESMTP STARTTLS).

Configure DNS for the domain

1. Add an A record for mail
2. Add an MX record:   MX	@	mail.xxx.xxx (priority 10)
3. Add a TXT record: TXT	@	v=spf1 mx ~all
4. Add a _dmarc record:
v=DMARC1; p=quarantine; rua=mailto:dmarc.report@xxx.xxx; ruf=mailto:dmarc.report@xxx.xxx; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine
5. Add a PTR record: PTR IP Domain

Request an SSL certificate

certbot certonly --manual --preferred-challenges dns -d mail.xxx.xxx

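1. Follow the prompts and add the requested TXT record (try not to delete it; it is needed for later renewals)
2. Use dig to check whether the TXT record has taken effect; once it has, confirm the request
3. Complete the request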

Pull the Docker image

git clone https://github.com/docker-mailserver/docker-mailserver.git

Configure docker-compose.yml

services:
  mailserver:
    image: mailserver
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail
    domainname: xxx.xxx
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    ports:
      - "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
      - "143:143" # IMAP4 (explicit TLS => STARTTLS)
      - "465:465" # ESMTP (implicit TLS)
      - "587:587" # ESMTP (explicit TLS => STARTTLS)
      - "993:993" # IMAP4 (implicit TLS)
    volumes:
      - /mnt/RAID-B/AppData/mailServer/mail-data/:/var/mail/
      - /mnt/RAID-B/AppData/mailServer/mail-state/:/var/mail-state/
      - /mnt/RAID-B/AppData/mailServer/mail-logs/:/var/log/mail/
      - /mnt/RAID-B/AppData/mailServer/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      - /etc/letsencrypt/live/mail.xxx.xxx/fullchain.pem:/tmp/ssl/fullchain.pem:ro
      - /etc/letsencrypt/live/mail.xxx.xxx/privkey.pem:/tmp/ssl/privkey.pem:ro
    restart: always
    stop_grace_period: 1m
    # Uncomment if using `ENABLE_FAIL2BAN=1`:
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

Configure mailserver.env

OVERRIDE_HOSTNAME=
DMS_DEBUG=0
LOG_LEVEL=info
SUPERVISOR_LOGLEVEL=
DMS_VMAIL_UID=
DMS_VMAIL_GID=
ACCOUNT_PROVISIONER=
POSTMASTER_ADDRESS=xxx@xxxx.com
ENABLE_UPDATE_CHECK=0
UPDATE_CHECK_INTERVAL=1d
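# PERMIT_DOCKER=network adds the Docker bridge network to Postfix mynetworks.
# Clients that arrive from an address in that network (such as the bridge gateway) may relay without authentication.
PERMIT_DOCKER=network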
TZ=Asia/Shanghai
NETWORK_INTERFACE=
TLS_LEVEL=modern
SPOOF_PROTECTION=
ENABLE_SRS=0
ENABLE_OPENDKIM=1
ENABLE_OPENDMARC=1
ENABLE_POLICYD_SPF=0
ENABLE_POP3=
ENABLE_IMAP=1
ENABLE_CLAMAV=0
SPAM_SUBJECT=
ENABLE_RSPAMD=0
ENABLE_RSPAMD_REDIS=
RSPAMD_LEARN=1
RSPAMD_CHECK_AUTHENTICATED=0
RSPAMD_GREYLISTING=0
RSPAMD_HFILTER=1
RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6
RSPAMD_NEURAL=0
ENABLE_AMAVIS=1
AMAVIS_LOGLEVEL=0
ENABLE_DNSBL=0
ENABLE_FAIL2BAN=0
FAIL2BAN_BLOCKTYPE=drop
ENABLE_MANAGESIEVE=
POSTSCREEN_ACTION=enforce
SMTP_ONLY=
SSL_TYPE=manual
SSL_CERT_PATH=/tmp/ssl/fullchain.pem
SSL_KEY_PATH=/tmp/ssl/privkey.pem
SSL_ALT_CERT_PATH=
SSL_ALT_KEY_PATH=
VIRUSMAILS_DELETE_DELAY=
POSTFIX_DAGENT=
POSTFIX_MAILBOX_SIZE_LIMIT=
ENABLE_QUOTAS=1
POSTFIX_MESSAGE_SIZE_LIMIT=
CLAMAV_MESSAGE_SIZE_LIMIT=
PFLOGSUMM_TRIGGER=
PFLOGSUMM_RECIPIENT=xxx@xxxx.com
PFLOGSUMM_SENDER=
LOGWATCH_INTERVAL=
LOGWATCH_RECIPIENT=
LOGWATCH_SENDER=
REPORT_RECIPIENT=
REPORT_SENDER=
LOGROTATE_INTERVAL=daily
LOGROTATE_COUNT=4
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
POSTFIX_INET_PROTOCOLS=all
ENABLE_MTA_STS=0
DOVECOT_INET_PROTOCOLS=all
ENABLE_SPAMASSASSIN=0
ENABLE_SPAMASSASSIN_KAM=0
SPAMASSASSIN_SPAM_TO_INBOX=1
MOVE_SPAM_TO_JUNK=1
MARK_SPAM_AS_READ=0
SA_TAG=2.0
SA_TAG2=6.31
SA_KILL=10.0
ENABLE_FETCHMAIL=0
FETCHMAIL_POLL=300
FETCHMAIL_PARALLEL=0
ENABLE_GETMAIL=0
GETMAIL_POLL=5
ENABLE_OAUTH2=
OAUTH2_INTROSPECTION_URL=
LDAP_START_TLS=
LDAP_SERVER_HOST=
LDAP_SEARCH_BASE=
LDAP_BIND_DN=
LDAP_BIND_PW=
LDAP_QUERY_FILTER_USER=
LDAP_QUERY_FILTER_GROUP=
LDAP_QUERY_FILTER_ALIAS=
LDAP_QUERY_FILTER_DOMAIN=
DOVECOT_TLS=
DOVECOT_USER_FILTER=
DOVECOT_PASS_FILTER=
DOVECOT_MAILBOX_FORMAT=maildir
DOVECOT_AUTH_BIND=
ENABLE_POSTGREY=0
POSTGREY_DELAY=300
POSTGREY_MAX_AGE=35
POSTGREY_TEXT="Delayed by Postgrey"
POSTGREY_AUTO_WHITELIST_CLIENTS=5
ENABLE_SASLAUTHD=0
SASLAUTHD_MECHANISMS=
SASLAUTHD_MECH_OPTIONS=
SASLAUTHD_LDAP_SERVER=
SASLAUTHD_LDAP_BIND_DN=
SASLAUTHD_LDAP_PASSWORD=
SASLAUTHD_LDAP_SEARCH_BASE=
SASLAUTHD_LDAP_FILTER=
SASLAUTHD_LDAP_START_TLS=
SASLAUTHD_LDAP_TLS_CHECK_PEER=
SASLAUTHD_LDAP_TLS_CACERT_FILE=
SASLAUTHD_LDAP_TLS_CACERT_DIR=
SASLAUTHD_LDAP_PASSWORD_ATTR=
SASLAUTHD_LDAP_AUTH_METHOD=
SASLAUTHD_LDAP_MECH=
SRS_SENDER_CLASSES=envelope_sender
SRS_EXCLUDE_DOMAINS=
SRS_SECRET=
DEFAULT_RELAY_HOST=
RELAY_HOST=
RELAY_PORT=25
RELAY_USER=
RELAY_PASSWORD=

Start the container, add an account and password, and watch the logs

docker-compose up -d    # start the container
./setup.sh email add xxx@xxxx.xxx "pass"
docker-compose logs -f  # follow the container logs

mailserver | 2024-06-25 01:35:30+08:00 INFO start-mailserver.sh: Welcome to docker-mailserver v14.0.0
mailserver | 2024-06-25 01:35:30+08:00 INFO start-mailserver.sh: Checking configuration
mailserver | 2024-06-25 01:35:30+08:00 INFO start-mailserver.sh: Configuring mail server
mailserver | sha1sum: /etc/logrotate.d/fail2ban: No such file or directory
mailserver | 2024-06-25 01:35:33+08:00 INFO start-mailserver.sh: Starting daemons
mailserver | 2024-06-25 01:35:35+08:00 INFO start-mailserver.sh: mail.xxxx.xxx is up and running
mailserver | 2024-06-25T01:35:35.646440+08:00 mail amavis[836]: starting. /usr/sbin/amavisd at mail.xxxx.xxx amavis-2.13.0 (20230106), Unicode aware, LC_CTYPE="C.UTF-8"
mailserver | 2024-06-25T01:35:35.646478+08:00 mail amavis[836]: perl=5.036000, user=, EUID: 999 (999); group=(), EGID: 999 999 (999 999)
mailserver | 2024-06-25T01:35:35.663432+08:00 mail amavis[836]: Net::Server: Group Not Defined. Defaulting to EGID '999 999'
mailserver | 2024-06-25T01:35:35.663471+08:00 mail amavis[836]: Net::Server: User Not Defined. Defaulting to EUID '999'
mailserver | 2024-06-25T01:35:35.671478+08:00 mail amavis[836]: No ext program for .zoo, tried: zoo
mailserver | 2024-06-25T01:35:35.671532+08:00 mail amavis[836]: No ext program for .doc, tried: ripole
mailserver | 2024-06-25T01:35:35.671853+08:00 mail amavis[836]: No ext program for .zst, tried: unzstd
mailserver | 2024-06-25T01:35:35.671880+08:00 mail amavis[836]: No decoder for .F
mailserver | 2024-06-25T01:35:35.671889+08:00 mail amavis[836]: No decoder for .doc
mailserver | 2024-06-25T01:35:35.671898+08:00 mail amavis[836]: No decoder for .zoo
mailserver | 2024-06-25T01:35:35.671905+08:00 mail amavis[836]: No decoder for .zst

Generate and retrieve the DKIM signing record

./setup.sh config dkim keysize 2048
cat config/opendkim/keys/treesir.pub/mail.txt
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
"p=abc"
"def" ) ; ----- DKIM key mail for xxxx.xxx

Add the DKIM DNS record

TXT	mail._domainkey	v=DKIM1; h=sha256; k=rsa; p=abcdef
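
Going from the multi-line mail.txt to the single TXT value above means joining the quoted chunks; if a DNS panel keeps only the first chunk, the published key is truncated and DKIM verification fails. The shell functions below are an added example, not part of the original post or of docker-mailserver: they join the chunks and compare the p= key with what DNS returns. The function names and both sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: sample records are constructed from the placeholder key on this page.
SAMPLE_MAIL_TXT='mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
  "p=abc"
  "def" ) ; ----- DKIM key mail for xxxx.xxx'
# Constructed `dig +short TXT` style answer: the same record, chunked differently.
SAMPLE_DIG_OUTPUT='"v=DKIM1; h=sha256; k=rsa; p=abc" "def"'

# Join the quoted chunks read from stdin into the single value DNS clients see.
# Handles both the zone-file form in mail.txt and `dig +short TXT` output.
dkim_flatten() {
  grep -o '"[^"]*"' | tr -d '"\n'
}

# Print the value of one tag (v, k, p, ...) from a flattened record.
dkim_tag() (  # usage: dkim_tag <tag> <flattened-record>
  printf '%s\n' "$2" | tr ';' '\n' |
    sed -n "s/^[[:space:]]*$1=[[:space:]]*//p" | head -n 1
)

# Succeed only if both records carry the same non-empty public key (p= tag).
dkim_matches() (  # usage: dkim_matches <generated-flat> <published-flat>
  want=$(dkim_tag p "$1" | tr -d '[:space:]')
  got=$(dkim_tag p "$2" | tr -d '[:space:]')
  [ -n "$want" ] && [ "$want" = "$got" ]
)

# Demo on the constructed samples. On a real host, feed instead:
#   dkim_flatten < config/opendkim/keys/<domain>/mail.txt
#   dig +short TXT mail._domainkey.<domain> | dkim_flatten
generated=$(printf '%s\n' "$SAMPLE_MAIL_TXT" | dkim_flatten)
published=$(printf '%s\n' "$SAMPLE_DIG_OUTPUT" | dkim_flatten)
echo "TXT value to publish: $generated"
if dkim_matches "$generated" "$published"; then
  echo "DNS record matches the generated key"
else
  echo "MISMATCH: DNS record does not carry the generated key" >&2
fi
```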

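Problem

Every other mail client can log in and send and receive normally; only Outlook fails. For IMAP I tried 143 and 993, and for SMTP I tried 465 and 587, and none of them work. The logs are below. If anyone knows why, please let me know, many thanks.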
mailserver | 2024-06-25T01:56:42.697069+08:00 mail dovecot: imap-login: Login: user=<xxxx@xxxx.com>, method=PLAIN, rip=172.29.0.1, lip=172.29.0.2, mpid=3211, TLS, session=<F5X6gKYb6pGsHQAB>
mailserver | 2024-06-25T01:56:42.923920+08:00 mail postfix/submissions/smtpd[3212]: connect from unknown[172.29.0.1]
mailserver | 2024-06-25T01:56:42.979530+08:00 mail postfix/submissions/smtpd[3212]: Anonymous TLS connection established from unknown[172.29.0.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (secp384r1) server-signature RSA-PSS (2048 bits) server-digest SHA256
mailserver | 2024-06-25T01:56:42.980737+08:00 mail opendmarc[787]: ignoring connection from [172.29.0.1]
mailserver | 2024-06-25T01:56:43.162476+08:00 mail postfix/submissions/smtpd[3212]: disconnect from unknown[172.29.0.1] ehlo=1 auth=1 quit=1 commands=3
mailserver | 2024-06-25T01:56:43.207435+08:00 mail dovecot: imap(xxxx@xxxx.com)<3211><F5X6gKYb6pGsHQAB>: Disconnected: Logged out in=63 out=1027 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0