
Postal

1. Spin up an Ubuntu 16.04 LTS machine

2. Run the quick install command

```
$ curl https://raw.githubusercontent.com/atech/postal/master/script/install/ubuntu1604.sh | sh
```

3. Create a new account

```
$ postal make-user

# E-Mail Address      : xxx@gmail.com
# First Name          : xxx
# Last Name           : xxx
# Initial Password:   : **********
# User has been created with e-mail address xxx@gmail.com
```

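4. Change the MySQL password

```
mysqladmin -u root password
```

5. Change the RabbitMQ password

```
p0stalpassw0rd
```

The MySQL root password is empty by default, so you have to set one yourself. The password of the postal account must be the same in MySQL and RabbitMQ (leaving it unchanged makes no difference either, since a firewall will be added anyway).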

6. Change both domain names in the nginx configuration

/etc/nginx/sites-enabled/default

```
domain_name postal.yourdomain.com
```

```
$ nginx -t
$ service nginx restart
```

7. Install certbot and enable SSL

```
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
```

Enable certbot

```
$ sudo certbot --nginx
# Choose 1: no automatic redirect (it is already written in the config)
```

Set up automatic renewal

```
$ sudo certbot renew --dry-run
```

8. DNS setup

```
;; A Records (IPv4 addresses)
yourdomain.com.	1	IN	A	123.123.123.123
postal.yourdomain.com.	1	IN	A	123.123.123.123
rp.mail.yourdomain.com.	1	IN	A	123.123.123.123
spf.postal.yourdomain.com.	1	IN	A	123.123.123.123
www.yourdomain.com.	1	IN	A	123.123.123.123
;; MX Records
psrp.yourdomain.com.	1	IN	MX	10	mx.postal.yourdomain.com.
psrp.mail.yourdomain.com.	1	IN	MX	10	mx.postal.yourdomain.com.
;; CNAME Records
psrp.yourdomain.com.	1	IN	CNAME	rp.postal.yourdomain.com.
psrp.mail.yourdomain.com.	1	IN	CNAME	rp.postal.yourdomain.com.
;; TXT Records
yourdomain.com.	1	IN	TXT	"v=spf1 a mx include:spf.postal.yourdomain.com ~all"
mail.yourdomain.com.	1	IN	TXT	"v=spf1 a mx include:spf.postal.yourdomain.com ~all"
psrp.yourdomain.com.	1	IN	TXT	"v=spf1 a mx ip4:123.123.123.123 ~all"
psrp.mail.yourdomain.com.	1	IN	TXT	"v=spf1 a mx ip4:123.123.123.123 ~all"
postal-bfyfsk._domainkey.yourdomain.com.	1	IN	TXT	"v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsEfl9HlDLTG9G4LVkVPh/mnCkb+XiJpeaGaVR/+TLHvdLv2EaVY9QlXnJl3CsOz+ift8W0cAQFfSRjHF4LHyGFxe0UfDOhMR67p4/KiCF3uq/bnSMnVXKLXp45YWGz9JT2HIlu497zZ1m7zIXtiSChU2qR39kTqai7CK8VHEOJQIDAQAB;"
postal-gmqito._domainkey.mail.yourdomain.com.	1	IN	TXT	"v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiduT7ecGnhzz/qgNQXYFmdIZ2tWyjg34z4GJJZxf6JNewYb9Ag776Ogcanux2s78G0JDYMo1M/HPekq1REEL3wPHU8yYsBG9xLcLSfr1wIMVqrZ7oLKsC3I8HsJOnARu3reQrpBIOq//4wei8mzUyNwhAfPrEvbVzgBhAcOe74wIDAQAB;"
postal-nofjiu._domainkey.mail.yourdomain.com.	1	IN	TXT	"v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3ebXd1f8b8yXxWZegbMW/Pn7wppOslFxkDft4tCpY5QMlhiOkvBU4zy3BlpA+m930MDPyqeiIhFBHpLhEelwT50H3I7yMtI+fQb4+PVMwog9czLTN9wYWWomHNGI4bUo1GWPWbnjgPSyjEOM5mKIwk3Fvqgdyo6goNnjEjh4wWQIDAQAB;"
_dmarc.yourdomain.com.	1	IN	TXT	"v=DMARC1; p=none"
```
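
A small linter for records written in the step 8 layout, as an added example that is not part of the original post. It flags a CNAME that shares its name with other record types, MX/CNAME targets inside the zone that have no address record in the same text, SPF ending in `~all`, and DMARC `p=none`. The function names and finding labels are assumptions made for this example; the sample is an excerpt of the step 8 records.

```python
import re
from collections import defaultdict

# Excerpt of the step 8 records (the page's placeholder names and address).
SAMPLE_ZONE = """\
postal.yourdomain.com. 1 IN A 123.123.123.123
psrp.yourdomain.com. 1 IN MX 10 mx.postal.yourdomain.com.
psrp.yourdomain.com. 1 IN CNAME rp.postal.yourdomain.com.
psrp.yourdomain.com. 1 IN TXT "v=spf1 a mx ip4:123.123.123.123 ~all"
_dmarc.yourdomain.com. 1 IN TXT "v=DMARC1; p=none"
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def parse_zone(text):
    """Return (name, type, rdata) tuples; blank and ';' comment lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m and not m.group(1).startswith(";"):
            rows.append((m.group(1).lower(), m.group(2).upper(), m.group(3).strip()))
    return rows

def lint_zone(text, apex):
    """Return sorted (name, finding) pairs; apex is the zone name with trailing dot."""
    rows = parse_zone(text)
    types = defaultdict(set)
    for name, rtype, _ in rows:
        types[name].add(rtype)
    findings = set()
    for name, rtype, rdata in rows:
        if rtype == "CNAME" and len(types[name]) > 1:
            # RFC 1034 section 3.6.2: a CNAME owner name may hold no other data
            findings.add((name, "cname-coexists"))
        if rtype in ("MX", "CNAME"):
            target = rdata.split()[-1].lower()
            in_zone = target == apex or target.endswith("." + apex)
            if in_zone and not types.get(target, set()) & {"A", "AAAA", "CNAME"}:
                findings.add((name, "dangling-target:" + target))
        if rtype == "TXT":
            txt = rdata.strip('"').lower()
            if txt.startswith("v=spf1") and txt.split()[-1] == "~all":
                findings.add((name, "spf-softfail"))
            if txt.startswith("v=dmarc1") and re.search(r"\bp\s*=\s*none\b", txt):
                findings.add((name, "dmarc-p-none"))
    return sorted(findings)

if __name__ == "__main__":
    print(lint_zone(SAMPLE_ZONE, "yourdomain.com."))
```

The linter only sees the text it is given, so a target defined by a wildcard or in another zone file would still be reported as dangling.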

9. SMTP port forwarding setup

```
$ sudo apt-get install ufw
# Allow all outgoing ports, deny all incoming
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
# Open the services
$ sudo ufw allow ssh   # be sure to add this, otherwise remote access is lost
$ sudo ufw allow http
$ sudo ufw allow https
$ sudo ufw allow 587/tcp
```

Set up port forwarding

```
# /etc/ufw/sysctl.conf
# uncomment the line below
net/ipv4/ip_forward=1
```

Add the following text to the very top of /etc/ufw/before.rules

```
# /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
COMMIT
```

```
$ sudo ufw disable
$ sudo ufw enable
```

References

  1. https://serverfault.com/questions/238563/can-i-use-ufw-to-setup-a-port-forward
