說明:
已基本實現郵件的發送功能,spf和dkim驗證通過,用戶名密碼認證失敗待後續排查驗證。
環境:
OS: CentOS 7.6
PowerMTA: 4.5r11
域名: mydomain.com
服務器公網IP : X.X.X.X
客戶端IP: Y.Y.Y.Y
前提:
設置服務器主機名稱爲mydomain.com
1. 安裝PowerMTA4.5
#wget https://s3-us-west-1.amazonaws.com/origin-static/pmta/PowerMTA-4.5r11.zip
#unzip PowerMTA-4.5r11.zip
#cd PowerMTA-4.5r11
#rpm -Uvh PowerMTA-4.5r11.rpm
#cp license /etc/pmta
#mv /usr/sbin/pmtad /usr/sbin/pmtad.bak && cp usr/sbin/pmtad /usr/sbin/pmtad
#chmod +x /usr/sbin/pmtad
2. 配置PowerMTA
#vim /etc/pmta/config
postmaster [email protected]
host-name mydomain.com
smtp-listener 0/0:25 # listens on all local IPs
# 配置域名及域名dkim證書,證書在添加dkim dns解析時生成
domain-key mykey, mydomain.com, /etc/pmta/mykey.mydomain.com.pem
<domain gmail.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
</domain>
<domain hotmail.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
</domain>
<domain 163.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
</domain>
<domain qq.com>
max-msg-rate 250/h # prevent "exceeded the rate limit"
smtp-pattern-list backoff
</domain>
<domain *>
dkim-sign yes
dkim-identity @mydomain.com
</domain>
<smtp-pattern-list backoff>
reply /550 Access denied/ mode=backoff
</smtp-pattern-list>
<smtp-user cherry> # 認證用戶名
password 9527Qazwsx # 認證密碼
source smtpuser-auth
</smtp-user>
<source smtpuser-auth>
smtp-service yes
always-allow-relaying yes
require-auth true
process-x-virtual-mta yes
default-virtual-mta pmta-pool
always-allow-api-submission yes
#remove-received-headers true
#add-received-header true
#hide-message-source true
</source>
<source 127.0.0.1>
always-allow-relaying yes # allow feeding from 127.0.0.1
process-x-virtual-mta yes # allow selection of a virtual MTA
smtp-service yes # allow SMTP service
max-message-size unlimited
process-x-dkim-key yes
process-X-DKIM-Options yes
add-message-id-header yes
jobid-header X-Mailer-RecptId
always-allow-api-submission yes
</source>
<source 4.4.4.0/24> # 允許指定網段訪問
smtp-service yes # allow SMTP service
process-x-dkim-key yes
process-X-DKIM-Options yes
add-message-id-header yes
jobid-header X-Mailer-RecptId
always-allow-relaying yes
allow-unencrypted-plain-auth yes
log-connections no
log-commands no # WARNING: verbose!
log-data no # WARNING: even more verbose!
</source>
<virtual-mta pmta-vmta1>
smtp-source-host X.X.X.X mydomain.com # 配置服務器IP及域名
</virtual-mta>
<virtual-mta-pool pmta-pool>
virtual-mta pmta-vmta1
</virtual-mta-pool>
http-mgmt-port 8080
http-access 127.0.0.1 admin
http-access 0/0 monitor
http-access Y.Y.Y.Y admin # 配置客戶端IP允許訪問
run-as-root no
log-file /var/log/pmta/pmta.log # logrotate is used for rotation
<acct-file /var/log/pmta/acct.csv>
move-interval 5m
max-size 50M
delete-after 8d
</acct-file>
<spool /var/spool/pmta>
deliver-only no
</spool>
3. 配置DNS解析,以阿里云爲例
- 添加A記錄和MX記錄
- 添加SPF記錄
訪問https://tools.sparkpost.com/spf/builder生成SPF記錄
在阿里雲添加SPF解析記錄
添加完成後https://tools.sparkpost.com/spf/inspector輸入域名驗證SPF記錄是否有效。
- 添加DKIM記錄
訪問https://www.sparkpost.com/resources/tools/dkim-wizard/輸入域名和Selector<selector名稱自定義>
根據上一步生成的結果在阿里雲添加DKIM記錄
訪問https://dkimcore.org/c/keycheck輸入域名和selector驗證DKIM是否生效
配置DKIMY證書,將生成的私鑰保存爲pem文件, 如mykey.mydomain.com.pem
- 添加DMARC記錄
4. 啓動服務
# systemctl start pmtahttp
#pmtad --debug # 先以debug啓動進行郵件發送測試
5. 在PowerMTA服務器本機發送郵件測試
服務端日誌/var/log/pmta/acct-*.log
查看郵件:
6. 訪問https://tools.sparkpost.com/dkim並往隨機生成的郵箱發送郵件驗證DKIM是否是pass狀態。
7. 訪問https://www.mail-tester.com/並向生成的郵箱發送郵件,然後查看分數