우분투 16.04에 이메일 서버 설치하기.

 

sudo apt-get update

sudo DEBIAN_PRIORITY=low apt-get install postfix

설정은 Internet Site, jihoonjjang.com, jichoong (우분투 계정 이름), No, 기본값 —> 으로 두었다.

sudo postconf -e 'home_mailbox= Maildir/'

sudo postconf -e 'virtual_alias_maps= hash:/etc/postfix/virtual'

sudo nano /etc/postfix/virtual
@jihoonjjang.com jichoong
sudo postmap /etc/postfix/virtual

sudo systemctl restart postfix

sudo ufw allow Postfix

sudo  apt-get install dovecot-common dovecot-pop3d dovecot-imapd

sudo nano /etc/dovecot/conf.d/10-mail.conf

 

## the location of the mailbox is specified in 'mbox' format ##
mail_location = mbox:~/mail:INBOX=/var/mail/%u

## dovecot is granted necessary permission to read/write user mailboxes ##
mail_privileged_group = mail

이거 추가

 

sudo service dovecot restart
sudo postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/jihoonjjang.com/fullchain.pem'
sudo postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/jihoonjjang.com/privkey.pem'
 
sudo nano /etc/postfix/master.cf
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt

이거 주석 풀기

sudo nano /etc/dovecot/conf.d/10-ssl.conf
ssl = yes

ssl_cert = </etc/letsencrypt/live/jihoonjjang.com/fullchain.pem

ssl_key = </etc/letsencrypt/live/jihoonjjang.com/privkey.pem
sudo ufw allow 995
sudo ufw allow 993
sudo ufw allow 25
sudo ufw allow 587
sudo nano /etc/dovecot/conf.d/10-master.conf
## The listener is added under the service auth section ##
service auth {
    unix_listener /var/spool/postfix/private/auth {
        mode = 0660
            user = postfix
            group = postfix
    } ##end listener
} ## end service auth

잘 보고 리스너 추가

sudo nano /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
sudo service dovecot restart
sudo nano /etc/postfix/main.cf
#### SASL ####
## specify SASL type ##
smtpd_sasl_type = dovecot

## path to the SASL socket relative to postfix spool directory i.e. /var/spool/postfix ##
smtpd_sasl_path = private/auth

## postfix appends the domain name for SASL logins that do not have the domain part ##
smtpd_sasl_local_domain = example.tst

## SASL default policy ##
smtpd_sasl_security_options = noanonymous

## for legacy application compatibility ##
broken_sasl_auth_clients = yes

## enable SMTP auth ##
smtpd_sasl_auth_enable = yes

## smtp checks ##
## these checks are based on first match, so sequence is important ##
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

#### SSL/TLS parameters ####

## 'encrypt' will enforce SSL. Not recommended for live servers ##
smtpd_tls_security_level = may 
#smtpd_tls_security_level = encrypt 

smtpd_tls_received_header = yes 
smtpd_tls_auth_only = no 

## loglevel 3 or 4 can be used during troubleshooting ##
smtpd_tls_loglevel = 1 

## path to certificate and key file ##
smtpd_use_tls=yes 

## server will announce STARTTLS ##
smtp_tls_note_starttls_offer = yes 

smtpd_tls_session_cache_timeout = 3600s

가장 마지막에 추가

sudo service postfix restart

 

 

참고한곳

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-postfix-on-ubuntu-16-04#step-4-adjust-the-firewall

https://www.namecheap.com/support/knowledgebase/article.aspx/9795/69/installing-and-configuring-ssl-on-postfixdovecot-mail-server

http://xmodulo.com/mail-server-ubuntu-debian.html

http://xmodulo.com/enable-user-authentication-postfix-smtp-server-sasl.html

Posted on Posted in 컴공