Tutorial notes:
Mail sending is basically working: SPF, DKIM and DMARC validation pass. Username/password authentication fails and still needs to be investigated.
Environment:
OS: CentOS 7.6
PowerMTA: 5.0b1
Domain: mydomain.com
Server public IP: X.X.X.X
Client IP: Y.Y.Y.Y
Software download: https://themege.net/1779.html
Prerequisite:
Set the server hostname to mydomain.com
Steps:
1. Install PowerMTA 5.0
unzip PowerMTA-5.0b1.zip
cd PowerMTA-5.0b1
rpm -Uvh PowerMTA-5.0b1.rpm
cp license /etc/pmta
mv /usr/sbin/pmtad /usr/sbin/pmtad.bak && cp usr/sbin/pmtad /usr/sbin/pmtad
chmod +x /usr/sbin/pmtad
2. Configure PMTA
# vim /etc/pmta/config
postmaster mail@mydomain.com
host-name mydomain.com
smtp-listener 0/0:25 # listens on all local IPs
# Configure the domain and its DKIM key; the key is generated when the DKIM DNS record is added
domain-key mykey, mydomain.com, /etc/pmta/mykey.mydomain.com.pem
<domain gmail.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
</domain>
<domain hotmail.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
</domain>
<domain 163.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
</domain>
<domain qq.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
smtp-pattern-list backoff
</domain>
<domain *>
dkim-sign yes
dkim-identity @mydomain.com
</domain>
<smtp-pattern-list backoff>
reply /550 Access denied/ mode=backoff
</smtp-pattern-list>
<smtp-user cherry> # auth username
password 9527Qazwsx # auth password
source smtpuser-auth
</smtp-user>
<source smtpuser-auth>
smtp-service yes
always-allow-relaying yes
require-auth true
process-x-virtual-mta yes
default-virtual-mta pmta-pool
always-allow-api-submission yes
#remove-received-headers true
#add-received-header true
#hide-message-source true
</source>
<source 127.0.0.1>
always-allow-relaying yes # allow feeding from 127.0.0.1
process-x-virtual-mta yes # allow selection of a virtual MTA
smtp-service yes # allow SMTP service
max-message-size unlimited
process-x-dkim-key yes
process-X-DKIM-Options yes
add-message-id-header yes
jobid-header X-Mailer-RecptId
always-allow-api-submission yes
</source>
<source 4.4.4.0/24> # allow access from the specified subnet
smtp-service yes # allow SMTP service
process-x-dkim-key yes
process-X-DKIM-Options yes
add-message-id-header yes
jobid-header X-Mailer-RecptId
always-allow-relaying yes
allow-unencrypted-plain-auth yes
log-connections no
log-commands no # WARNING: verbose!
log-data no # WARNING: even more verbose!
</source>
<virtual-mta pmta-vmta1>
smtp-source-host X.X.X.X mydomain.com # the server's IP and domain
</virtual-mta>
<virtual-mta-pool pmta-pool>
virtual-mta pmta-vmta1
</virtual-mta-pool>
http-mgmt-port 8080
http-access 127.0.0.1 admin
http-access 0/0 monitor
http-access Y.Y.Y.Y admin # allow the client IP admin access
run-as-root no
log-file /var/log/pmta/pmta.log # logrotate is used for rotation
<acct-file /var/log/pmta/acct.csv>
move-interval 5m
max-size 50M
delete-after 8d
</acct-file>
<spool /var/spool/pmta>
deliver-only no
</spool>
3. Configure DNS records (Alibaba Cloud DNS is used as the example)
- Add the A record and the MX record
- Add the SPF record: generate it at https://tools.sparkpost.com/spf/builder
  Add the SPF TXT record in Alibaba Cloud DNS
  Afterwards, enter the domain at https://tools.sparkpost.com/spf/inspector to verify that the SPF record is valid.
- Add the DKIM record: go to https://www.sparkpost.com/resources/tools/dkim-wizard/ and enter the domain and a selector (the selector name is your choice)
  Add the DKIM record in Alibaba Cloud DNS using the output of the previous step
  Enter the domain and selector at https://dkimcore.org/c/keycheck to verify that DKIM is live
  Configure the DKIM key: save the generated private key as a .pem file, e.g. mykey.mydomain.com.pem
- Add the DMARC record
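The three online checkers in step 3 only tell you pass/fail. The script below is an added example (not part of this tutorial or of PowerMTA) that does the same structural checks offline on the TXT record strings you published: it evaluates the SPF ip4/ip6 mechanisms and the all qualifier for a given sending IP, validates the DKIM public-key record, and validates the DMARC policy record. The record values and the 203.0.113.10 address are constructed placeholders standing in for mydomain.com and X.X.X.X; substitute what `dig TXT` returns for your zone. It goes slightly beyond the tutorial's record by also handling CIDR ranges and the ~ and ? qualifiers.

```python
"""Offline sanity checks for the SPF, DKIM and DMARC TXT records from step 3.

Added example, not part of the original tutorial. Record strings are constructed
samples; replace them with the TXT records published for your own domain.
"""
import base64
import ipaddress

# Constructed sample records (placeholders for mydomain.com / X.X.X.X in the tutorial).
SAMPLE_SPF = "v=spf1 ip4:203.0.113.10 -all"
# The p= value here is placeholder base64, not a real RSA key.
SAMPLE_DKIM = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(range(64))).decode()
SAMPLE_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@mydomain.com; pct=100"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_authorizes(record: str, sender_ip: str) -> str:
    """Evaluate a single SPF record for sender_ip and return the SPF result.

    Implements the ip4/ip6 mechanisms and the 'all' terminator, which is all the
    tutorial's record uses. Mechanisms that need DNS lookups (include, a, mx,
    redirect) are treated as non-matching here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, value = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism in ("ip4", "ip6"):
            # A v6 address never matches a v4 network and vice versa.
            if ip in ipaddress.ip_network(value, strict=False):
                return QUALIFIERS[qualifier]
        elif mechanism == "all":
            return QUALIFIERS[qualifier]
    # No 'all' terminator: RFC 7208 defaults to neutral.
    return "neutral"


def parse_tag_value(record: str) -> dict:
    """Parse the 'tag=value; tag=value' syntax shared by DKIM and DMARC records."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            tag, _, value = part.partition("=")
            tags[tag.strip().lower()] = value.strip()
    return tags


def check_dkim(record: str) -> list:
    """Return the problems found in a DKIM public-key record (empty list = looks valid)."""
    problems = []
    tags = parse_tag_value(record)
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v tag must be DKIM1 when present")
    if tags.get("k", "rsa") != "rsa":
        problems.append("unexpected key type %r" % tags.get("k"))
    public_key = tags.get("p")
    if public_key is None:
        problems.append("missing p tag (public key)")
    elif public_key == "":
        problems.append("empty p tag means the key is revoked")
    else:
        try:
            # Long keys are split into several TXT strings; drop the joining whitespace.
            base64.b64decode(public_key.replace(" ", ""), validate=True)
        except ValueError:
            problems.append("p tag is not valid base64")
    return problems


def check_dmarc(record: str) -> list:
    """Return the problems found in a DMARC policy record (empty list = looks valid)."""
    problems = []
    tags = parse_tag_value(record)
    if not record.strip().startswith("v=DMARC1"):
        problems.append("record must start with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p tag must be none, quarantine or reject")
    if "rua" in tags and not all(u.strip().startswith("mailto:") for u in tags["rua"].split(",")):
        problems.append("rua URIs must use mailto:")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or not 0 <= int(pct) <= 100:
        problems.append("pct must be an integer between 0 and 100")
    return problems


if __name__ == "__main__":
    print("SPF result for 203.0.113.10:", spf_authorizes(SAMPLE_SPF, "203.0.113.10"))
    print("DKIM problems:", check_dkim(SAMPLE_DKIM) or "none")
    print("DMARC problems:", check_dmarc(SAMPLE_DMARC) or "none")
```

Run it against the published values before sending test mail: an SPF result other than pass for the server's IP, or any non-empty problem list, explains a failing DKIM or DMARC result faster than the online tools do.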
4. Start the services
# systemctl start pmtahttp
# pmtad --debug # start in debug mode first to test sending
5. Send a test mail from the PowerMTA server itself
Server-side log: /var/log/pmta/acct-*.log
Check the mail:
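One way to perform the local send test in step 5, as an added example that is not part of the tutorial or of PowerMTA: submit a message to the listener on 127.0.0.1:25, which the `<source 127.0.0.1>` block above allows to relay, and route it through `pmta-vmta1` with the `X-Virtual-MTA` header that `process-x-virtual-mta yes` enables. The value of the header named by `jobid-header` (`X-Mailer-RecptId` in the config) is used as the job id in the accounting file, which makes the test traceable in `acct.csv`. Sender, recipient and the recipient id are constructed placeholders; the optional credentials let you reuse the same script from the 4.4.4.0/24 client to exercise the `smtp-user` login.

```python
"""Local send test for step 5 (added example, not part of the original tutorial).

Submits one message to the PowerMTA instance configured above, either from the
server itself (127.0.0.1, relaying allowed by <source 127.0.0.1>) or, with
credentials, as the <smtp-user> from a client on 4.4.4.0/24.
"""
import smtplib
from email.message import EmailMessage
from email.utils import make_msgid

PMTA_HOST = "127.0.0.1"            # the tutorial runs this test on the PowerMTA host itself
PMTA_PORT = 25                     # smtp-listener 0/0:25 in the config above
VIRTUAL_MTA = "pmta-vmta1"         # <virtual-mta pmta-vmta1> from the config
JOBID_HEADER = "X-Mailer-RecptId"  # jobid-header in the <source> blocks


def build_test_message(sender: str, recipient: str, recipient_id: str) -> EmailMessage:
    """Build a test message that PowerMTA will route through the named virtual MTA.

    The Message-ID domain is taken from the sender address so it matches the
    DKIM signing identity (dkim-identity @mydomain.com in the config).
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "PowerMTA delivery test"
    msg["Message-ID"] = make_msgid(domain=sender.split("@", 1)[1])
    # Honoured because the source has process-x-virtual-mta yes.
    msg["X-Virtual-MTA"] = VIRTUAL_MTA
    # Copied into the accounting records as the job id (jobid-header directive).
    msg[JOBID_HEADER] = recipient_id
    msg.set_content("Test message from %s via %s." % (sender, VIRTUAL_MTA))
    return msg


def submit(msg: EmailMessage, username: str = None, password: str = None) -> dict:
    """Submit msg over SMTP and return smtplib's per-recipient refusals (empty dict = accepted).

    Pass username/password to authenticate as the <smtp-user> (the 'cherry'
    account in the config); leave them out when submitting from 127.0.0.1.
    """
    with smtplib.SMTP(PMTA_HOST, PMTA_PORT, timeout=30) as smtp:
        smtp.ehlo()
        if username is not None:
            smtp.login(username, password)
        return smtp.send_message(msg)


if __name__ == "__main__":
    # Constructed placeholder addresses; use a mailbox you control as the recipient.
    message = build_test_message("test@mydomain.com", "you@example.com", "test-0001")
    refused = submit(message)
    print("accepted by PowerMTA" if not refused else "refused: %r" % refused)
```

After running it, the job id `test-0001` should appear in the accounting file under /var/log/pmta/, and the delivered copy should carry a DKIM-Signature header for mydomain.com.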
6. Go to https://tools.sparkpost.com/dkim and send a mail to the randomly generated address to verify that DKIM shows a pass status.
7. Go to https://www.mail-tester.com/, send a mail to the generated address, and check the score.