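Notes
1. If you do every step correctly it is unlikely to fail; if it does, you can contact me (base64-decode this):
azY2Ocg5OUAxMzkuY25t
2. The key point is whether port 25 is open on the server (what gets blocked is outbound traffic).
3. Do not leave out any of the DNS records; this is already the minimum set, otherwise your mail will land in the spam folder even after the server is built!
4. When sending to QQ Mail, do not send more than 1000 messages in one go, or you will get dealt with.
5. Once the setup below is done, changing the domain later is much simpler: change the domain in the mailu.env file, then copy the DNS records over to the new domain.
6. On a first install, `docker-compose up -d` can be very slow because it has to pull all the required Docker images. Be patient, or speed it up with a Docker registry mirror inside China. Changing the Docker registry mirror is too simple to cover here; see the following link: reference document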
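1. Environment checklist
1.1 Check whether the port is open
Run the following commands on the server to test whether port 25 is open:
If the output matches what is shown below, the port is open; otherwise you may be able to receive mail but not send it (and possibly not receive it either).
0x01 Method one (Telnet)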
> telnet smtp.exmail.qq.com 25
```
[[email protected] ~]# telnet smtp.exmail.qq.com 25
Trying 124.156.190.79...
Connected to smtp.exmail.qq.com.
Escape character is '^]'.
220 smtp.qq.com Esmtp QQ Mail Server
[[email protected] ~]#
```
0x02 Method two (NC)
> nc -zv smtp.exmail.qq.com 25
```
[[email protected] ~]# nc -zv smtp.exmail.qq.com 25
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 101.32.113.90:25.
Ncat: 0 bytes sent, 0 bytes received in 0.23 seconds.
[[email protected] ~]#
```
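1.2 Server specification
CPU: 1 CPU
Memory: 1024 MB
Disk: 10 GB
Ports: all ports open
OS: CentOS 7.x 64-bit
Outbound bandwidth: 200M (does not affect the setup; a thin pipe is just a bit slower)
Server location: Japan (host it outside China if you can: many overseas IDCs do not restrict port 25, while inside China the port can still end up blocked even if you file a request)
IP address: 123.123.123.123 (placeholder server IP; in a real environment replace every IP address with your real IP)
Domain: fuk.cn (placeholder domain; in a real environment replace every domain with your real domain)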
2. DNS record configuration
Host record | Record type | Record value | TTL |
---|---|---|---|
_dmarc | TXT | v=DMARC1; p=none; pct=100; rua=mailto:[email protected] | 10 minutes |
@ | TXT | v=spf1 mx ~all | 10 minutes |
mail | A | 123.123.123.123 | 10 minutes |
@ | MX | mail.fuk.cn | 10 minutes |
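The record set in the table above can be checked for internal consistency before relying on it. The following is an added example, not part of the original guide: it reads records as constructed `host|type|value` lines (an assumed input format, with a placeholder report mailbox) and reports whether the MX target has an A record and what the SPF and DMARC records ask receivers to do.

```bash
# Added example: consistency check for a mail domain's DNS record set.
# Input on stdin: one record per line as "host|type|value" (assumed format).
# Constructed sample mirroring the table above; the rua mailbox is a placeholder.
sample_records() {
    cat <<'EOF'
_dmarc|TXT|v=DMARC1; p=none; pct=100; rua=mailto:reports@example.invalid
@|TXT|v=spf1 mx ~all
mail|A|123.123.123.123
@|MX|mail.fuk.cn
EOF
}

# Usage: check_mail_dns DOMAIN < records; exit status 1 if anything is missing.
check_mail_dns() {
    awk -F'|' -v domain="$1" '
        $2 == "A"                                          { a[$1] = $3 }
        $2 == "MX"  && $1 == "@"                           { mx = $3 }
        $2 == "TXT" && $1 == "@" && $3 ~ /^v=spf1 /        { spf = $3 }
        $2 == "TXT" && $1 == "_dmarc" && $3 ~ /^v=DMARC1;/ { dmarc = $3 }
        END {
            bad = 0
            # The MX target must be a host under the domain with its own A record.
            suffix = "." domain
            cut = length(mx) - length(suffix)
            label = (cut > 0 && substr(mx, cut + 1) == suffix) ? substr(mx, 1, cut) : ""
            if (mx == "")           { print "MX: missing"; bad++ }
            else if (!(label in a)) { print "MX: " mx " has no A record"; bad++ }
            else                      print "MX: " mx " -> " a[label]
            # SPF: the last term decides what happens to senders not listed.
            n = split(spf, t, " ")
            if (spf == "")          { print "SPF: missing"; bad++ }
            else if (t[n] == "-all")  print "SPF: -all (hard fail)"
            else if (t[n] == "~all")  print "SPF: ~all (soft fail)"
            else                      print "SPF: ends in " t[n] ", review"
            # DMARC: pull out the p= tag, which is the requested policy.
            p = ""
            n = split(dmarc, t, ";")
            for (i = 1; i <= n; i++) {
                gsub(/^ +| +$/, "", t[i])
                if (t[i] ~ /^p=/) p = substr(t[i], 3)
            }
            note = (p == "none") ? " (monitoring only)" : ""
            if (dmarc == "")        { print "DMARC: missing"; bad++ }
            else if (p == "")       { print "DMARC: no p= tag"; bad++ }
            else                      print "DMARC: p=" p note
            exit (bad > 0)
        }'
}
```

Run it as `sample_records | check_mail_dns fuk.cn`, or feed it the records you actually published.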
3. Setup steps
1.1 Install dependencies
0x01 SSH into the server
0x02 Run the following commands
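```bash
# Switch the base repo to the Aliyun mirror, then add EPEL and container-selinux
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install epel-release -y
yum install container-selinux -y
# yum-utils provides yum-config-manager, so install it before adding the Docker CE repo
sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2
sudo yum-config-manager \
  --add-repo \
  https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y wget curl net-tools git
```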
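1.2 Configure the firewall
0x01 Overview
The server has to listen on the ports below, so all of them must be reachable from the internet.
This article gives two options: the first is the more reliable one, the second is untested but should be fine.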
```
[email protected] ~ nmap -sV --open 123.123.123.123 --min-rate=2000
Starting Nmap 7.91 ( https://nmap.org ) at 2021-10-13 12:06 CST
Nmap scan report for 45.159.50.243
Host is up (0.065s latency).
Not shown: 977 closed ports, 13 filtered ports
Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
PORT    STATE SERVICE        VERSION
22/tcp  open  ssh            OpenSSH 7.4 (protocol 2.0)
25/tcp  open  smtp           Postfix smtpd
80/tcp  open  http           nginx
110/tcp open  pop3           Zimbra Collabration Suite pop3d
143/tcp open  imap-proxy     nginx imap proxy
443/tcp open  ssl/http       nginx
465/tcp open  ssl/smtp       Postfix smtpd
587/tcp open  smtp           Postfix smtpd
993/tcp open  ssl/imap-proxy nginx imap proxy
995/tcp open  ssl/pop3       Zimbra Collabration Suite pop3d
Service Info: Host: mail.fuk.cn
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.67 seconds
```
0x02 Method one
Turn the firewall off entirely
Run the following command to turn the firewall off
```bash
systemctl stop firewalld && systemctl disable firewalld && firewall-cmd --state
```
0x03 Method two
Configure firewalld inbound rules
Run the following commands (command-line version)
```bash
systemctl start firewalld
systemctl enable firewalld
# Single quotes outside keep the double quotes inside the rich rule intact
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="22" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="25" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="80" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="110" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="143" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="443" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="465" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="587" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="993" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" port protocol="tcp" port="995" accept'
firewall-cmd --reload
firewall-cmd --state
# Rich rules are listed by --list-rich-rules, not --list-ports
firewall-cmd --zone=public --list-rich-rules
```
Or run the following shell script
```bash
ips="0.0.0.0/0"
ports="22 25 80 110 143 443 465 587 993 995"
systemctl start firewalld
systemctl enable firewalld
for port in $ports
do
  firewall-cmd --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$ips\" port protocol=\"tcp\" port=\"$port\" accept"
done
echo
firewall-cmd --reload
firewall-cmd --state
# Rich rules are listed by --list-rich-rules, not --list-ports
firewall-cmd --zone=public --list-rich-rules
```
1.3 Install Docker
One-step install commands
```bash
sudo yum install -y docker-ce
sudo systemctl start docker
sudo systemctl enable docker
sudo docker -v
```
1.4 Install Docker-Compose
One-step install command
```bash
wget https://github.com/docker/compose/releases/download/v2.0.1/docker-compose-linux-x86_64 -O /usr/bin/docker-compose && chmod +x /usr/bin/docker-compose
```
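1.5 Configure the docker-compose.yml file
- Change the `hostname` to mail.your-domain.xxx
  - Command to change the `hostname`: `hostnamectl set-hostname mail.your-domain.xxx`
  - Then run `hostname`; it prints the following: `[[email protected] mailu]# hostname mail.your-domain.xxxx`
- Run the command `sudo mkdir -p /mailu && cd /mailu`
- Remember to replace every IP address in the file (the docker-compose file contains no domain names, so only the IP address needs replacing)
  - Vim substitution command:
    - Type `:%s/123.123.123.123/your-IP-address/`
    - Press Enter
    - Type `:wq`
    - Press Enter
- Save the code below as `docker-compose.yml`
- This version is a minimal install: no WebMail, no Admin panel (the server is too low-end, so save the memory!)
- You can also generate a dedicated file at https://setup.mailu.io/, which is convenient too, but I reckon you won't manage it; if you could, you most likely wouldn't be reading this. Since you have read this far, I suggest you just copy this one; it works, and that's what counts.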
```yaml
version: '2.2'
services:
  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "/mailu/redis:/data"
  front:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    logging:
      driver: json-file
    ports:
      - "123.123.123.123:80:80"
      - "::1:80:80"
      - "123.123.123.123:443:443"
      - "::1:443:443"
      - "123.123.123.123:25:25"
      - "::1:25:25"
      - "123.123.123.123:465:465"
      - "::1:465:465"
      - "123.123.123.123:587:587"
      - "::1:587:587"
      - "123.123.123.123:110:110"
      - "::1:110:110"
      - "123.123.123.123:995:995"
      - "::1:995:995"
      - "123.123.123.123:143:143"
      - "::1:143:143"
      - "123.123.123.123:993:993"
      - "::1:993:993"
    volumes:
      - "/mailu/certs:/certs"
      - "/mailu/overrides/nginx:/overrides:ro"
  admin:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    ports:
      - 127.0.0.1:8080:80
    volumes:
      - "/mailu/data:/data"
      - "/mailu/dkim:/dkim"
    depends_on:
      - redis
  imap:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    volumes:
      - "/mailu/mail:/mail"
      - "/mailu/overrides/dovecot:/overrides:ro"
    depends_on:
      - front
  smtp:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-1.8}
    restart: always
    env_file: mailu.env
    volumes:
      - "/mailu/mailqueue:/queue"
      - "/mailu/overrides/postfix:/overrides:ro"
    depends_on:
      - front
  antispam:
    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-1.8}
    hostname: antispam
    restart: always
    env_file: mailu.env
    volumes:
      - "/mailu/filter:/var/lib/rspamd"
      - "/mailu/dkim:/dkim:ro"
      - "/mailu/overrides/rspamd:/etc/rspamd/override.d:ro"
    depends_on:
      - front
networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 192.168.203.0/24
```
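1.6 Configure the mailu.env file
- Save the code below to `/mailu/mailu.env` (get the path right!)
- Change every `fuk.cn` to your own apex domain
- Edit it the same way as above, with `vi mailu.env`
  - Vim substitution command:
    - Type `:%s/fuk.cn/your-domain/g`
    - Press Enter
    - Type `:wq`
    - Press Enter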
```
# Sample value published with this guide; replace it with your own random 16-character string
SECRET_KEY=H3E3II17498CSD6J
SUBNET=192.168.203.0/24
DOMAIN=fuk.cn
HOSTNAMES=mail.fuk.cn
POSTMASTER=admin
TLS_FLAVOR=letsencrypt
# Login rate limit; this value is very permissive
AUTH_RATELIMIT=10000/minute
DISABLE_STATISTICS=True
ADMIN=false
WEBMAIL=none
WEBDAV=none
ANTIVIRUS=none
MESSAGE_SIZE_LIMIT=50000000
RELAYNETS=
RELAYHOST=
FETCHMAIL_DELAY=600
RECIPIENT_DELIMITER=+
DMARC_RUA=admin
DMARC_RUF=admin
WELCOME=false
WELCOME_SUBJECT=Welcome to your new email account
WELCOME_BODY=Welcome to your new email account, if you can read this, then it is configured properly!
COMPRESSION=
COMPRESSION_LEVEL=
WEBROOT_REDIRECT=/webmail
WEB_ADMIN=/admin
WEB_WEBMAIL=/webmail
SITENAME=Mailu
WEBSITE=https://mail.fuk.cn
COMPOSE_PROJECT_NAME=mailu
PASSWORD_SCHEME=PBKDF2
REAL_IP_HEADER=
REAL_IP_FROM=
REJECT_UNLISTED_RECIPIENT=
LOG_LEVEL=WARNING
DB_FLAVOR=sqlite
```
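An audit of a deployed mailu.env for values copied verbatim from this guide, as an added example that is not part of the original guide or of Mailu. It flags the published SECRET_KEY, the placeholder domain and a per-minute login limit above an assumed threshold of 100, and shows one way to generate a fresh key; the function names are hypothetical.

```bash
# Added example: audit a mailu.env for values copied verbatim from a guide.
PUBLISHED_KEY='H3E3II17498CSD6J'   # SECRET_KEY printed on this page, so not secret
MAX_PER_MINUTE=100                 # assumed threshold, tune to your own policy

# Print the value of a key from an env file (the last assignment wins).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line; exit status 0 when clean, 1 when anything was found.
audit_mailu_env() {
    file=$1
    findings=0

    key=$(env_get "$file" SECRET_KEY)
    if [ -z "$key" ]; then
        echo "SECRET_KEY: missing"; findings=$((findings + 1))
    elif [ "$key" = "$PUBLISHED_KEY" ]; then
        echo "SECRET_KEY: published sample value, generate your own"; findings=$((findings + 1))
    elif [ "${#key}" -lt 16 ]; then
        echo "SECRET_KEY: shorter than 16 characters"; findings=$((findings + 1))
    fi

    # AUTH_RATELIMIT looks like "10000/minute"; only a per-minute first rule is compared.
    limit=$(env_get "$file" AUTH_RATELIMIT)
    rule=${limit%%;*}
    per=${rule%/minute}
    case $per in
        "$rule"|''|*[!0-9]*) ;;   # not a per-minute rule, or not a plain number
        *)  if [ "$per" -gt "$MAX_PER_MINUTE" ]; then
                echo "AUTH_RATELIMIT: $limit barely limits password guessing"
                findings=$((findings + 1))
            fi ;;
    esac

    if [ "$(env_get "$file" DOMAIN)" = "fuk.cn" ]; then
        echo "DOMAIN: still the guide's placeholder"; findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Generate a replacement key: 16 characters drawn from /dev/urandom.
new_secret_key() {
    LC_ALL=C tr -dc 'A-Z0-9' < /dev/urandom | head -c 16
}
```

Run `audit_mailu_env /mailu/mailu.env` after editing the file; a non-zero exit status means at least one value still needs changing.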
1.7 Run the server, and the final SMTP settings
- Run `docker-compose up -d` to start the Mailu server
- After a successful start you will see output like this:
```
[[email protected] mailu]# docker-compose up -d
Creating network "mailu_default" with driver "bridge"
Creating mailu_redis_1 ... done
Creating mailu_front_1 ... done
Creating mailu_smtp_1 ... done
Creating mailu_imap_1 ... done
Creating mailu_antispam_1 ... done
Creating mailu_admin_1 ... done
[[email protected] mailu]#
```
- Create a default user:
```bash
docker-compose -p mailu exec admin flask mailu admin admin fuk.cn 'your-mailbox-password'
```
- Mail client settings (SMTP):
```
Mailbox type: IMAP
Incoming server: mail.your-domain.xxx   SSL=√   Port: 993
Outgoing server: mail.your-domain.xxx   SSL=√   Port: 465
Account: [email protected]your-domain.xxx
Password: the mailbox password you set when creating the account above
```
Awesome, I'm the real noob here
You're too modest, boss