群晖mail server配置邮箱服务器(通过阿里云中继)
##1.群晖安装mail station和mail server
1.1 配置mail server
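去掉勾选 SPF 验证:经阿里云 TCP 反向代理转发后,mail server 看到的来源 IP 都是代理的地址,SPF 检查无法针对真实发件方进行;若要保留 SPF 验证,需要在阿里云上安装 Postfix 并配置。注意:关闭后入站邮件不再做 SPF 校验;同理,mail server 上按来源 IP 生效的黑名单、限速和中继信任规则也只能看到代理地址,请确认中继(relay)必须经过认证才能使用。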
##2.配置阿里云反向代理
###2.1 使用tcp反向代理,新建tcp.mail.conf
需要转发以下端口:25(SMTP)、465(SMTPS)、587(SMTP 提交)、110(POP3)、995(POP3S)、143(IMAP)、993(IMAPS)。下面的配置需放在 nginx 的 stream {} 块内:
# Shared certificate pair (author's note: it can sit at the top level of the stream context so
# that every ssl listener uses the same certificate).
# NOTE(review): because TLS is terminated on this proxy, the private key is stored on the cloud
# host. File permissions are not shown on this page — confirm the .key file is readable only by
# the account that starts nginx.
ssl_certificate /home/eason/dywl/nginx/ssl/tencent/mail.bakeding.site_bundle.pem;
ssl_certificate_key /home/eason/dywl/nginx/ssl/tencent/mail.bakeding.site.key;
# ---------- SMTPS (465) ----------
# Terminates TLS on the proxy and relays the session to the mail server at 10.8.0.4:465.
# NOTE(review): no `proxy_ssl on;` is set, so after decrypting, nginx talks to the upstream in
# cleartext. Port 465 is conventionally implicit TLS — confirm the backend accepts this; if it
# expects TLS, either add `proxy_ssl on;` or remove `ssl` from `listen` and pass TLS through.
# NOTE(review): the backend sees the proxy's address as the client of every session, so any
# IP-based trust or relay rule on the mail server applies to all Internet senders — verify that
# relaying requires authentication.
upstream smtps_backend { server 10.8.0.4:465; }
server {
listen 465 ssl; # author's note: the ssl flag must be kept
proxy_pass smtps_backend;
# Optional (author's note): enable TLS preread for SNI detection.
# NOTE(review): ssl_preread reads the ClientHello of un-terminated TLS; presumably it is of no
# use on a listener that already terminates TLS — confirm before enabling.
# ssl_preread on;
# NOTE(review): the log file names say "mqtt", presumably copied from another config, and
# `tcp_format` must be declared by a log_format that is not shown here.
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
# ---------- Submission (587), exposed here as implicit TLS ----------
# Terminates TLS on the proxy and relays the session to 10.8.0.4:587.
# NOTE(review): port 587 is conventionally the STARTTLS submission port. With `listen 587 ssl`
# the public side is implicit TLS, so mail clients presumably have to be set to "SSL/TLS" rather
# than "STARTTLS" on this port — confirm against the client configuration.
# NOTE(review): the hop to the backend is cleartext (no `proxy_ssl on;`). If the mail server
# only allows AUTH after STARTTLS, logins through this listener may be refused — verify.
upstream smtps587_backend { server 10.8.0.4:587; }
server {
listen 587 ssl; # author's note: the ssl flag must be kept
proxy_pass smtps587_backend;
# Optional (author's note): enable TLS preread for SNI detection.
# NOTE(review): presumably of no use once `listen ... ssl` has terminated TLS — confirm.
# ssl_preread on;
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
# ---------- IMAPS (993) ----------
# Terminates TLS on the proxy and relays the session to 10.8.0.4:993.
# NOTE(review): without `proxy_ssl on;` the upstream connection is cleartext, while 993 is
# conventionally an implicit-TLS port — confirm the backend accepts this, otherwise add
# `proxy_ssl on;` or remove `ssl` from `listen` to pass TLS through.
# NOTE(review): failed-login lockouts on the mail server see only the proxy address, so one
# abusive client could lock out everyone — check how the backend's auto-block is configured.
upstream imaps_backend { server 10.8.0.4:993; }
server {
listen 993 ssl;
proxy_pass imaps_backend;
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
# ---------- POP3S (995) ----------
# Terminates TLS on the proxy and relays the session to 10.8.0.4:995.
# NOTE(review): without `proxy_ssl on;` the upstream connection is cleartext, while 995 is
# conventionally an implicit-TLS port — confirm the backend accepts this, otherwise add
# `proxy_ssl on;` or remove `ssl` from `listen` to pass TLS through.
upstream pop3s_backend { server 10.8.0.4:995; }
server {
listen 995 ssl;
proxy_pass pop3s_backend;
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
# ---------- Plaintext ports still kept (optional, per the author) ----------
# Port 25: plain TCP pass-through to 10.8.0.4:25; this is the port other mail servers use to
# deliver to the MX host.
# NOTE(review): every inbound session reaches the backend with the proxy's address as its
# source. Confirm the mail server does not treat that address as a trusted network, so that
# relaying to external domains still requires authentication, and expect IP-based spam
# controls (SPF checks, blocklists, per-IP limits) to see only the proxy.
upstream smtp_backend { server 10.8.0.4:25; }
server {
listen 25;
proxy_pass smtp_backend;
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
# Port 143: plain TCP pass-through to IMAP on 10.8.0.4:143.
# NOTE(review): this exposes unencrypted IMAP to the Internet. Unless the mail server refuses
# logins before STARTTLS, account passwords can cross the network in cleartext — confirm that
# setting, or omit this listener since 993 is already published.
upstream imap_backend { server 10.8.0.4:143; }
server {
listen 143;
proxy_pass imap_backend;
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
# Port 110: plain TCP pass-through to POP3 on 10.8.0.4:110.
# NOTE(review): this exposes unencrypted POP3 to the Internet. Unless the mail server refuses
# logins before STLS/STARTTLS, account passwords can cross the network in cleartext — confirm
# that setting, or omit this listener since 995 is already published.
upstream pop3_backend { server 10.8.0.4:110; }
server {
listen 110;
proxy_pass pop3_backend;
access_log /home/eason/dywl/nginx/log/mqtt_tcp_access.log tcp_format;
error_log /home/eason/dywl/nginx/log/mqtt_tcp_error.log;
}
### 2.2 配置mail网页
可以通过 mail.bakeding.site 网页访问邮箱。新建 nginx.mail.conf:
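# Plain-HTTP entry point for the webmail host.
# Webmail logins and session cookies must not cross the Internet unencrypted, so this listener
# does not proxy to the backend; it only redirects to the HTTPS server that this file defines
# for the same server_name.
server {
    listen 80;                       # IPv4
    listen [::]:80;                  # IPv6
    server_name mail.bakeding.site;  # replace with your own registered domain
    access_log /home/eason/dywl/nginx/log/mail.log;

    # Redirect to the configured name rather than the request's Host header, so the target
    # host cannot be chosen by the client.
    return 301 https://$server_name$request_uri;
}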
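# HTTPS front end for the webmail UI. TLS ends here; requests are then proxied to the mail
# host at 10.8.0.4 over plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;             # IPv6, matching the [::]:80 listener of the HTTP server
    server_name mail.bakeding.site;  # replace with your real domain

    # NOTE(review): $log_dir is not defined anywhere on this page. nginx refuses to load a
    # config that references an unknown variable, so define it elsewhere or use a literal path.
    access_log $log_dir/easytribe443.log;

    # Certificate pair (replace with your real certificate paths).
    ssl_certificate /home/eason/dywl/nginx/ssl/tencent/mail.bakeding.site_bundle.pem;
    ssl_certificate_key /home/eason/dywl/nginx/ssl/tencent/mail.bakeding.site.key;

    # TLS settings: TLS 1.2/1.3 only, ECDHE key exchange with AES-GCM.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Tell browsers to keep using HTTPS for this host after the first secure visit.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://10.8.0.4/mail/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): this appends to whatever X-Forwarded-For the client sent, so the
        # backend should trust only the last entry (or X-Real-IP) for logging and lockouts.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # SPA fallback for client-side (Vue) routes.
        proxy_intercept_errors on;
        # NOTE(review): the fallback URI is handled by this same location, so it presumably
        # reaches the backend as /mail/mail/index.html — confirm that the fallback works.
        error_page 404 = /mail/index.html;
    }
}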
##3. 域名配置(腾讯云bakeding.site)
首先添加MX记录,记录类型为MX,记录值为mail.bakeding.site,主机记录为@
配置SPF。添加如下记录,记录类型为TXT,记录值为v=spf1 mx -all,主机记录为@。该记录只授权本域名 MX 主机(即 mail.bakeding.site 解析到的地址)发信;请确认群晖的外发邮件确实从该地址发出,否则收件方会因 -all 直接判定 SPF 失败。
配置DKIM。添加如下记录,记录类型为TXT,记录值为v=DKIM1; k=rsa; p=公钥,主机记录为mail._domainkey。这里填写的是公钥(不是私钥),即前面在 1.1 中用 mail 前缀(selector)生成的密钥对中的公钥;私钥只保留在 mail server 上,不要写入 DNS。
dmarc添加txt解析为:主机记录: _dmarc 记录值:v=DMARC1; p=reject; rua=bakeding@126.com
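(其中 p 后的参数根据自己的情况设置,有 none、quarantine 和 reject 三种;rua 后面是自己接收报告的邮箱。注意:按 DMARC 规范,rua 的值必须是 URI,应写成 rua=mailto:bakeding@126.com;另外,报告邮箱与本域名不同域时,需要对方域名发布授权记录,否则遵循规范的发送方不会投递报告,较稳妥的做法是使用本域名下的邮箱。建议先用 p=none 观察报告,确认 SPF 和 DKIM 都通过后,再改为 quarantine 或 reject。)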
##4. 网易邮箱大师客户端配置