# Postfix service control: start / stop / restart / reload
systemctl start postfix
systemctl stop postfix
systemctl restart postfix
systemctl reload postfix # re-read the configuration without interrupting service
# Show Postfix status
systemctl status postfix
postfix status
# Check the configuration; this also warns about bad ownership or permissions
# on Postfix files and directories
postfix check
# List the mail queue
postqueue -p
mailq # same as postqueue -p
# Attempt to deliver all queued mail now
postqueue -f
postfix flush
# Delete ALL queued mail. This cannot be undone: review the queue with
# `postqueue -p` first, and prefer acting on individual queue IDs.
postsuper -d ALL
# Delete one queued message (<邮件ID> is a placeholder for its queue ID)
postsuper -d <邮件ID>
# Put a message on hold (no delivery attempts while held). When a queue build-up
# looks suspicious, holding keeps the messages available for inspection.
postsuper -h <邮件ID>
# Release a held message
postsuper -H <邮件ID>
# Requeue all mail (so it is processed again after a configuration change)
postsuper -r ALL
# Show every configuration parameter and its value
postconf
# Show the value of specific parameters
postconf myhostname
postconf mynetworks
# Show the built-in default value of a parameter
postconf -d myhostname
# Show only the parameters explicitly set in main.cf; handy for reviewing which
# relay, SASL and TLS settings are actually in effect
postconf -n
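# Dovecot service control: start / stop / restart / reload
systemctl start dovecot
systemctl stop dovecot
systemctl restart dovecot
systemctl reload dovecot
# Show Dovecot status
systemctl status dovecot
dovecot status
# Check the configuration
doveconf -n # parse the configuration and print the non-default settings
doveconf -c /etc/dovecot/dovecot.conf # parse a specific configuration file
# NOTE: user@example.com below is a placeholder; the addresses on the original
# page were lost to e-mail obfuscation.
# Show a user's quota
doveadm quota get -u user@example.com
# Recalculate a user's quota
doveadm quota recalc -u user@example.com
# List the mailboxes (folders) of all users
doveadm mailbox list -A
# Search a user's mail ("all" matches every message)
doveadm search -u user@example.com all
# Permanently delete the messages matching a search query. "mailbox INBOX all"
# matches EVERY message in INBOX: run the same query with `doveadm search`
# first and narrow it before expunging.
doveadm expunge -u user@example.com mailbox 'INBOX' all
# Test a user's authentication. The password is deliberately not given as an
# argument: doveadm prompts for it, which keeps it out of the shell history and
# the process list.
doveadm auth test user@example.com
# Show active connections
doveadm who
# Dump mailbox statistics
doveadm stats dump
# Manually index all of a user's mailboxes
doveadm index -u user@example.com '*'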
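# Basic settings
myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Every client in mynetworks may relay without authenticating (see
# permit_mynetworks below), so keep this list as narrow as possible.
mynetworks = 127.0.0.0/8, 192.168.1.0/24
# Same value as the pre-3.0 Postfix default; it adds no domains beyond those
# already delivered locally.
relay_domains = $mydestination
# Mailbox settings
home_mailbox = Maildir/
mailbox_size_limit = 0
# 50 MB limit. It applies to the whole encoded message, so the largest
# attachment that fits is smaller than 50 MB.
# main.cf has no trailing comments: text after a value becomes part of the
# value, which is why this note is on its own lines.
message_size_limit = 52428800
# SASL authentication, delegated to Dovecot through the private/auth socket
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
# Also advertise the non-standard "AUTH=" form for legacy clients
broken_sasl_auth_clients = yes
# Recipient restrictions, evaluated in order. Continuation lines must start
# with whitespace. reject_unauth_destination is what prevents open relaying for
# clients that are neither in mynetworks nor authenticated.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rhsbl_reverse_client dbl.spamhaus.org,
    reject_rhsbl_helo dbl.spamhaus.org,
    reject_rhsbl_sender dbl.spamhaus.org
# TLS
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.crt
# The private key should be readable by root only
smtpd_tls_key_file = /etc/pki/tls/private/mail.key
# Opportunistic TLS for incoming SMTP (replaces the obsolete "smtpd_use_tls = yes")
smtpd_tls_security_level = may
# Offer AUTH only after TLS is active, so credentials never travel in clear text
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
# smtpd_tls_protocols / smtpd_tls_ciphers cover opportunistic TLS only. Services
# that enforce TLS (security level "encrypt", wrapper mode) use the
# *_mandatory_* parameters, so both pairs are set.
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_ciphers = high
smtpd_tls_mandatory_ciphers = high
# DKIM signing through a milter listening on 127.0.0.1:8891
# "accept" keeps mail flowing when the milter is unreachable, which also means
# such mail leaves unsigned; watch the logs for milter errors.
milter_default_action = accept
milter_protocol = 6
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters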
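# Submission service (port 587): STARTTLS is required and only authenticated
# clients may send.
# The "-o" lines must start with whitespace so that master.cf reads them as a
# continuation of the service entry.
# With smtpd_tls_security_level=encrypt Postfix applies
# smtpd_tls_mandatory_protocols / smtpd_tls_mandatory_ciphers, not the
# parameters for opportunistic TLS; make sure main.cf sets them.
submission inet n - n - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# SMTPS service (port 465): TLS starts immediately on connect (wrapper mode)
# and only authenticated clients may send.
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING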
# Enabled protocols (enable only the ones actually offered to users)
protocols = imap pop3 lmtp
# Listen address ("*" = all IPv4 interfaces)
listen = *
# Authentication
# PLAIN and LOGIN transmit the password itself; disable_plaintext_auth = yes
# makes Dovecot refuse them until the connection is protected by SSL/TLS.
disable_plaintext_auth = yes
auth_mechanisms = plain login
!include conf.d/*.conf
# Authentication mechanisms
# PLAIN and LOGIN are only accepted over SSL/TLS because of
# disable_plaintext_auth = yes.
disable_plaintext_auth = yes
auth_mechanisms = plain login
# Password database: PAM
passdb {
driver = pam
}
# User database: system accounts (passwd)
userdb {
driver = passwd
}
# Authentication socket used by Postfix (SASL via Dovecot).
# The socket is owned by postfix:postfix with mode 0660, so only that user and
# group can connect to it.
# NOTE(review): the path presumably has to match Postfix's smtpd_sasl_path
# relative to its queue directory; confirm against main.cf.
service auth {
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
}
# Mail storage location: Maildir format under each user's home directory
mail_location = maildir:~/Maildir
# Load the quota plugin
# NOTE(review): no quota backend or limit is visible in this snippet; confirm
# they are configured elsewhere, otherwise presumably nothing is enforced.
mail_plugins = quota
# Maximum simultaneous connections per user from one IP address
# (this is a connection limit, not a message-size limit)
mail_max_userip_connections = 20
# Require SSL/TLS for client connections
ssl = required
# Certificate and private key paths ("<" makes Dovecot read the file contents).
# The private key should be readable by root only.
ssl_cert = </etc/pki/tls/certs/mail.crt
ssl_key = </etc/pki/tls/private/mail.key
# Protocols and cipher suites: SSLv2, SSLv3, TLSv1 and TLSv1.1 are excluded, and
# every listed suite is ECDHE/DHE with AES-GCM or CHACHA20-POLY1305.
# NOTE(review): Dovecot 2.3 and later use ssl_min_protocol instead of
# ssl_protocols; confirm against the installed version.
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_prefer_server_ciphers = yes
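# Global filtering rules
# Sieve requires every "require" to appear before any other command, so all
# extensions used by the rules below are declared once here.
require ["fileinto", "mailbox", "vacation"];

# 1. File messages flagged as spam into the Junk folder.
# This rule comes first and ends with "stop", so flagged spam never reaches the
# vacation rule and is never auto-answered.
if header :contains "X-Spam-Flag" "YES" {
    fileinto :create "Junk";
    stop;
}

# 2. File notification mail into the "通知" folder.
# The two addresses are placeholders; the ones on the original page were lost
# to e-mail obfuscation.
if header :contains "From" ["noreply@example.com", "notification@example.com"] {
    fileinto :create "通知";
    stop;
}

# 3. Vacation auto-reply.
# ":days 7" sends at most one reply per sender every 7 days.
# "\n" is not an escape sequence in a Sieve quoted string (the backslash is
# simply dropped), so the body is written as a multi-line "text:" string.
# colleague@example.com is a placeholder address.
if true {
    vacation :days 7 :subject "自动回复:我正在休假" text:
您好!

我正在休假,2024年5月1日后恢复办公。
紧急问题请联系我的同事:colleague@example.com

祝好!
.
;
}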
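# A record for the mail host.
# 192.168.1.100 is a private (RFC 1918) example address; published records need
# the server's public IP.
mail.example.com. A 192.168.1.100
# MX record, preference 10
example.com. MX 10 mail.example.com.
# SPF: authorise the listed IP and the senders in Google's SPF record; "~all"
# soft-fails everything else. Once every legitimate sender is listed, "-all"
# (hard fail) is the stricter choice.
example.com. TXT "v=spf1 ip4:192.168.1.100 include:_spf.google.com ~all"
# DKIM public key, selector "dkim" (the key is truncated here).
# The "MIGf..." prefix is what a 1024-bit RSA key looks like; 2048-bit keys are
# preferred for new deployments.
dkim._domainkey.example.com. TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC..."
# DMARC: policy "quarantine", aggregate (rua) and failure (ruf) reports sent to
# the given mailbox.
# dmarc-reports@example.com is a placeholder; the address on the original page
# was lost to e-mail obfuscation.
# Failure reports can include message headers and content, so deliver them to a
# mailbox with restricted access.
_dmarc.example.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-reports@example.com; pct=100"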
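#!/bin/bash
# Monitor the Postfix mail queue and send an alert when it exceeds a threshold.
# A sudden build-up is often the first visible sign of a delivery outage or of
# an account being abused to send bulk mail.
set -u

THRESHOLD=100
# Placeholder recipient: the address on the original page was lost to e-mail
# obfuscation.
ALERT_TO="admin@example.com"

# Fail loudly when the queue cannot be read; otherwise a broken check would
# count zero entries and look like a healthy queue.
if ! QUEUE_LISTING=$(postqueue -p); then
  echo "postqueue -p failed; queue size unknown" >&2
  exit 1
fi

# Queue entries start with a queue ID in the first column; header and summary
# lines do not match. grep -c exits 1 when the count is 0 but still prints 0.
QUEUE_SIZE=$(grep -c "^[A-F0-9]" <<<"$QUEUE_LISTING" || true)

if (( QUEUE_SIZE > THRESHOLD )); then
  echo "邮件队列异常,当前队列长度:$QUEUE_SIZE" | mail -s "邮件队列告警" "$ALERT_TO"
fi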
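#!/bin/bash
# Daily backup of the mail store and the mail database.
set -uo pipefail
# The archives contain every user's mail and the account database: create them
# readable by the backup user only.
umask 077

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

DATE=$(date +%Y%m%d)
BACKUP_ROOT="/backup/mail"
BACKUP_DIR="$BACKUP_ROOT/$DATE"
MAIL_DIR="/var/vmail"
MYSQL_DB="vmail"
# Database credentials are read from a client option file (mode 0600) instead
# of being hard-coded here and passed with -p on the command line, where they
# are visible in the process list and to anyone who can read this script.
# Placeholder path: point it at a file with a [client] section holding
# user= and password= for a dedicated, least-privilege backup account.
MYSQL_DEFAULTS_FILE="/root/.my.cnf"

# Create the backup directory
mkdir -p -- "$BACKUP_DIR" || die "cannot create $BACKUP_DIR"

# Back up the mail store. GNU tar exits with status 1 when a file changed while
# it was being read, which is normal on a live mail store; only higher statuses
# are treated as failures.
tar_status=0
tar zcf "$BACKUP_DIR/mail.tar.gz" "$MAIL_DIR" || tar_status=$?
if (( tar_status > 1 )); then
  die "tar failed with status $tar_status"
fi

# Back up the database. --defaults-extra-file must be the first option.
# pipefail makes a mysqldump failure fail the pipeline instead of leaving a
# truncated dump that looks like a finished backup.
mysqldump --defaults-extra-file="$MYSQL_DEFAULTS_FILE" "$MYSQL_DB" \
  | gzip > "$BACKUP_DIR/db.sql.gz" \
  || die "database dump failed"

# Delete backups older than 30 days. -mindepth/-maxdepth restrict the match to
# the dated sub-directories, so the backup root itself can never be removed.
find "$BACKUP_ROOT" -mindepth 1 -maxdepth 1 -type d -mtime +30 -exec rm -rf -- {} +

echo "邮件备份完成:$BACKUP_DIR"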