PowerMTA 4.5郵件羣發服務器安裝配置

說明:

已基本實現郵件發送功能,SPF和DKIM驗證通過,用戶名密碼(SMTP AUTH)認證仍失敗,待後續排查驗證。

 

環境:

OS: CentOS 7.6

PowerMTA: 4.5r11

域名: mydomain.com 

服務器公網IP :  X.X.X.X

客戶端IP: Y.Y.Y.Y

 

前提:

設置服務器主機名稱爲mydomain.com

 

1. 安裝PowerMTA4.5

#wget https://s3-us-west-1.amazonaws.com/origin-static/pmta/PowerMTA-4.5r11.zip    # NOTE(review): nothing verifies the archive after download, and this bucket is not obviously a vendor distribution point — confirm provenance and compare against a vendor-published SHA-256 (<EXPECTED_SHA256>, placeholder) before unpacking
#unzip PowerMTA-4.5r11.zip
#cd PowerMTA-4.5r11
#rpm -Uvh PowerMTA-4.5r11.rpm    # install/upgrade the package; running `rpm -K PowerMTA-4.5r11.rpm` first reports whether it is signed and its digests are intact
#cp license /etc/pmta    # license file taken from the same archive
#mv /usr/sbin/pmtad /usr/sbin/pmtad.bak && cp usr/sbin/pmtad /usr/sbin/pmtad    # NOTE(review): replaces the daemon installed by the RPM with a separate binary shipped in the zip; that binary is outside the package's signature and `rpm -Vf /usr/sbin/pmtad` will report it as modified — establish where it came from before running it on an internet-facing host
#chmod +x /usr/sbin/pmtad    # make the replacement binary executable

2. 配置PowerMTA

#vim /etc/pmta/config
# Global settings: postmaster contact, host name, SMTP listener and DKIM key.
# NOTE(review): "[email protected]" is an address-obfuscation artifact of the page, not a
# usable value; put a real mailbox here (constructed example: postmaster@mydomain.com).
postmaster [email protected]

host-name mydomain.com

smtp-listener 0/0:25        # listens on all local IPs; who may submit or relay is decided by the <source> blocks below

# DKIM key for the domain: selector "mykey", signing domain, private-key file.
# The key is generated while adding the DKIM DNS record (step 3 of this page).
# NOTE(review): this PEM is the signing private key. Step 3 obtains it from an
# online wizard, so it has existed outside this host; generating the pair
# locally avoids that. File permissions are not shown on this page — keep the
# file readable only by the account pmtad runs as.
domain-key mykey, mydomain.com, /etc/pmta/mykey.mydomain.com.pem

# Per-destination limits: cap the hourly message rate towards large mailbox
# providers so they do not answer with "exceeded the rate limit".
<domain gmail.com>
    max-msg-rate 250/h    # prevent "exceeded the rate limit"
</domain>

<domain hotmail.com>
    max-msg-rate 250/h    # prevent "exceeded the rate limit"
</domain>

<domain 163.com>
    max-msg-rate 250/h    # prevent "exceeded the rate limit"
</domain>

<domain qq.com>
    max-msg-rate 250/h    # prevent "exceeded the rate limit"
    smtp-pattern-list backoff    # use the reply patterns of <smtp-pattern-list backoff> defined below
</domain>

# Wildcard entry: DKIM-sign outgoing mail with the identity @mydomain.com.
<domain *>
    dkim-sign yes
    dkim-identity @mydomain.com
</domain>

# Reply patterns referenced from <domain qq.com>: a remote reply matching
# "550 Access denied" puts the queue into backoff mode.
<smtp-pattern-list backoff>
    reply /550 Access denied/ mode=backoff
</smtp-pattern-list>

# SMTP AUTH account; it is tied to the settings of <source smtpuser-auth>.
# NOTE(review): the password is kept in clear text in this file and the value
# below is a published sample — use a long random secret of your own and
# restrict read access to /etc/pmta/config.
# NOTE(review): the page states that user/password authentication still fails,
# so in this setup relaying is effectively governed by the address-based
# <source> blocks, not by this account.
<smtp-user cherry>           # user name for authentication
    password 9527Qazwsx      # password for authentication
    source smtpuser-auth
</smtp-user>

# Settings for sessions that use the smtp-user above.
<source smtpuser-auth>
    smtp-service yes
    always-allow-relaying yes      # relaying to any destination is permitted for this source
    require-auth true              # authentication is mandatory
    process-x-virtual-mta yes      # honour a virtual-MTA selection supplied by the client
    default-virtual-mta pmta-pool  # otherwise send through <virtual-mta-pool pmta-pool>
    always-allow-api-submission yes
    # The three header-handling options below are left disabled by the author.
    #remove-received-headers true
    #add-received-header true
    #hide-message-source true
</source>

# Submission rules for the local host: it may relay without authentication.
<source 127.0.0.1>
    always-allow-relaying yes   # allow feeding from 127.0.0.1
    process-x-virtual-mta yes   # allow selection of a virtual MTA
    smtp-service yes            # allow SMTP service
    max-message-size unlimited  # no size cap for locally submitted messages
    process-x-dkim-key yes      # presumably lets the submitter pick the DKIM key via a header — confirm against the PowerMTA manual
    process-X-DKIM-Options yes
    add-message-id-header yes
    jobid-header X-Mailer-RecptId   # job id is taken from this message header
    always-allow-api-submission yes
</source>

# Submission rules for clients in 4.4.4.0/24.
# NOTE(review): relaying is granted here by source address alone — this block
# has no require-auth — so every host in the range can relay without
# credentials. Keep the range as narrow as the real set of sending clients.
<source 4.4.4.0/24>      # allow access from this network range
    smtp-service yes             # allow SMTP service
    process-x-dkim-key yes
    process-X-DKIM-Options yes
    add-message-id-header yes
    jobid-header X-Mailer-RecptId
    always-allow-relaying yes   
    allow-unencrypted-plain-auth yes   # NOTE(review): accepts plain-text AUTH without TLS, so credentials cross the network unencrypted
    log-connections no           # NOTE(review): with this off there is no per-connection record for this relay range; consider enabling it as an audit trail
    log-commands    no           # WARNING: verbose!
    log-data        no           # WARNING: even more verbose!
</source>

# Outbound identity: one virtual MTA bound to the server's public IP, placed
# in the pool that <source smtpuser-auth> uses as its default.
<virtual-mta pmta-vmta1>
    smtp-source-host X.X.X.X mydomain.com   # the server's IP and domain name
</virtual-mta>

<virtual-mta-pool pmta-pool>
    virtual-mta pmta-vmta1
</virtual-mta-pool>


# Web management console and the addresses allowed to reach it.
# NOTE(review): no TLS setting for the console appears in this config; if it is
# served over plain HTTP, reach it from remote clients through a tunnel or VPN.
http-mgmt-port 8080

http-access 127.0.0.1 admin
http-access 0/0 monitor       # NOTE(review): every address gets monitor (view) access to the console; limit this to known IPs or firewall port 8080
http-access Y.Y.Y.Y admin     # allow the client IP, with the admin role

run-as-root no                # the daemon does not keep running as root

# Logging, accounting and spool locations.
log-file /var/log/pmta/pmta.log   # logrotate is used for rotation

# Accounting records (CSV): moved every 5 minutes or at 50M, deleted after 8 days.
# NOTE(review): these files list sender and recipient activity; with connection
# logging disabled in <source 4.4.4.0/24> they are a main trace for
# investigating relay abuse, so confirm 8 days of retention is enough.
<acct-file /var/log/pmta/acct.csv>
    move-interval 5m
    max-size 50M
    delete-after 8d
</acct-file>

# Message spool directory.
<spool /var/spool/pmta>
    deliver-only no
</spool>

3. 配置DNS解析,以阿里雲爲例

  • 添加A記錄和MX記錄

  • 添加SPF記錄

訪問 https://tools.sparkpost.com/spf/builder 生成SPF記錄

在阿里雲添加SPF解析記錄

添加完成後,在 https://tools.sparkpost.com/spf/inspector 輸入域名,驗證SPF記錄是否有效。

  • 添加DKIM記錄

訪問 https://www.sparkpost.com/resources/tools/dkim-wizard/ ,輸入域名和Selector(selector名稱自定義)

根據上一步生成的結果在阿里雲添加DKIM記錄

訪問 https://dkimcore.org/c/keycheck ,輸入域名和selector,驗證DKIM是否生效

配置DKIM證書:將生成的私鑰保存爲pem文件,如mykey.mydomain.com.pem,放在配置中domain-key指定的路徑(/etc/pmta/mykey.mydomain.com.pem),並僅允許pmtad的運行帳號讀取該文件。

 

  • 添加DMARC記錄

 

4. 啓動服務

# systemctl start pmtahttp    # presumably the web console service behind http-mgmt-port — confirm the unit name on your install
#pmtad --debug    # start in debug mode first to test sending mail

5. 在PowerMTA服務器本機發送郵件測試

服務端日誌/var/log/pmta/acct-*.log

查看郵件:

 

6. 訪問 https://tools.sparkpost.com/dkim ,並往隨機生成的郵箱發送郵件,驗證DKIM是否是pass狀態。

 

7. 訪問 https://www.mail-tester.com/ ,並向生成的郵箱發送郵件,然後查看分數

 

 

 
