AdvertCN - 广告中国

 找回密码
 立即注册

QQ登录

只需一步,快速开始

Binom
 谷歌+Bing+TT+MSN官方代理 
⚡️按条S5代理⚡️静态⚡️独享⚡️5G⚡️最干净<Wifi住宅+5G移动>IP代理指纹浏览器,就用AdsPower
Mediabuy⚡️玩家开户首选【鲁班跨境通-自助充值转账】FB/GG/TT❤️官方免费开户Affiliate 全媒体流量资源⚡️
Taboola/Outbrain /Bing⚡️一级代理开户投流-7*24h❤️人工在线【官方】❤️搜索套利广告开户独立站⚡️开户投放
DuoPlus专注打造跨境电商云手机E.PN 虚拟卡BINOM TRACKER 60% OFF!比Adplexity还好用的Spy工具
MediaGo+Taboola+Ob开户百度国际MediaGo⚡️让产品狂奔全球百度国际,高点击转化,快速放量百度国际MediaGo,独家原生流量
ADPLEXITY + ADVERTCN7200W全球动态不重复住宅IP代理虚拟信用卡+独立站收款全球虚拟卡, 支持U充值
Facebook 批量上广告尤里改 - FB 稳定投放免费黑五教程(持续更新、欢迎交流)FB 三不限源头 - 自助下户充值转款
各种主页、账单户、BM户(优势)⚡️个人户,bm户不限额,账单户一手BM分享户不限额9Proxy ⚡️ $0.04/IP, 无限带宽
FB二三解0.1元一个虚拟卡|PTM星际卡FB专用虚拟卡Google、Bing官方总代  联盟流量开户
FB账号资源/稳定靠谱/运行5年啦FB开户代投/三不限/白名单fb耐用号0.01一个fb账号官方合作商
广告位出租   
查看: 6884|回复: 2

国外找哈的发下linux下面搭建邮件服务器-

[复制链接]

11

主题

0

广告币

67

积分

初级会员

Rank: 2

积分
67

社区QQ达人

发表于 2013-9-2 14:22:43 | 显示全部楼层 |阅读模式
since i have noticed that a lot of guys, even some from this forum, are charging 100's of dollars for setting up a good Linux Smtp server with ip rotation i decided to write a nice tutorial for all you who does not have 100's of $ to spend on that.

Some of the things i'm going to write here are, actually, copy/pasted from other sources, simply can't be arsed to rewrite something that is really common .

Ok, so what you gonna need ?


1) A linux server ( obviously lol ), i have used CentOS as a OS, so i suggest you to with it also, you can buy either VPS either Dedicated it does not really matter, we don't need some killing machine for this, postfix will not take a lot of resources, but i do recommend to buy at last 512 MB of ram and 20 GB of HDD. You need to buy a VPS with many ip addresses, nowadays, ips become expensive and hard to get, you need to fill stupid justification and other stuff to get a lot of ips, but you can still find a providers which won't ask you for that.

Here is one good hoster : http://www.host1plus.com/vps-hosting/

They DO ALLOW mass mailing, however, they are not saying they allow SPAM, but since they can't prove do you really have opt-in lists or now, just make sure to make your emails looks legit with opt-out link, some fake company info and make them looks good and not spam like with just a banner image inside lol.

They are hosted in Germany and price per ip is 2$, you can find them cheaper, but these guys are quality and their TOS allow mass mailing, so it's up on you where are you going to buy VPS.

If you are going to spend some time on Google you will also find very cheap VPS's which comes with 4 or even 8 ip's by default, they are also good solution.

But i highly recommend you to buy at last 50 ip's, that will increase your inbox ratio a lot and won't lead your ips to blacklists fast. You will get blacklisted, that's a matter of time, but - more ips - more time without blacklisting. If you can afford your self 200 ips and if you will send only 100 emails per day per ip ( 20000 / day ), you won't get blacklisted ever.


Also at the end of this topic i will explain how to get whitelisted on some ISP's, mail providers and spam filters.




1 Install Postfix

This tutorial is for Debian, everything is same like with other Linuxes, just don't use sudo command .

Installation


You will be shocked at how simple it is to install the Postfix mail server. All you have to do is follow these steps:


1) Open up a terminal window (or, if you are using a GUI-less server just log in).


2) Issue the command sudo apt-get install postfix.


That's it! Of course, depending upon the current state of your distribution, the installation may or may not have to install some dependencies. But this will happen automatically for you. The installation will also automatically start the Postfix daemon for you. So as soon as installation is complete you can test to make sure you can connect to your Postfix server with the command:


telnet localhost 25


You should see something like this:


Trying 127.0.0.1...
Connected to www.mymail.com.
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix (Ubuntu)


Now you might want to first make sure you can also connect to your domain in the same way with the command:


telnet www.mymail.com 25


Of course you will use your own FDQN in the above command (instead of mymail.com). Hopefully you will see the same output you did when you used localhost. If not, you will have to check to make sure your domain is pointing to your server or that port 25 traffic can get to your server from your router, switch, or firewall. Those issues are beyond the scope of this article however.


Now it is time to start configuration.


Configuring Postfix


The Postfix mail server has one main configuration file /etc/postfix/main.cf. This is where you will do the bulk of your configurations. Open this file up in your favorite text editor (mine is Nano) and look for the following section:


myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination =
relayhost =
mynetworks =
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all


This is the section of the configuration file you must focus on. And, believe it or not, there isn't much to do. Below are the sections you need to configure:


myhostname: This is the hostname of your machine. But don't put the full hostname. If your machine hostname is mail.mydomain.com you will only use mydomain.


mydestination: This parameter specifies what destinations this machine will deliver locally. The default is:


mydestination = $myhostname localhost.$mydomain localhost


You could also use something like what I have used in the past (for simplicity's sake):


mydomain.com mydomain localhost.localdomain localhost


This call is up to you. Either way will work; but the latter line will help to avoid mailloops.


mynetworks: This line is a bit trickier. This entry will define authorized destinations that mail can be relayed from. You would think that adding your subnet here would work. Sometimes that is the case; sometimes not. You could go with a mynetworks entry that looks like:


mynetworks = 127.0.0.1/8


The above entry is a safe entry and defines local machines only.


You could also have an entry that looks like:


mynetworks = 127.0.0.1/8 192.168.100.1/24


The above entry would authorize local machines and your internal network addresses.


I have found, however, that the above entries will cause problems with relaying due to constantly changing dhcp addresses. Because of this I have used the following, specialized entry which will avoid this issue:


mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128


Now, if your mail server serves up mail to your entire domain, you will need to add another entry to that section above. That entry is:


mydomain = mydomain.com


Again, as in all configurations above, the mydomain.com will be substituted with your real domain.


Now, save that configuration file and restart your mail server with the command:


sudo /etc/init.d/postfix reload


Your mail server should be up and running.


Users


Since this is a Linux mail server, you will need to make sure you have a user name that corresponds with every email address you need. If your server has a GUI you can just use the GUI tool for this. If your server is a GUI-less server you can create users with the command:


sudo useradd -m USERNAME


Where USERNAME is the actual name of the user. The next step is to give the username a password with the command:


sudo passwd USERNAME


Again, where USERNAME is the actual username. You will be prompted to enter the new password twice.



2) Set Up DKIM On Postfix With dkim-milter (CentOS 5.2)



This howto has been superseded by http://www.topdog.za.net/postfix_dkim_milter
Introduction
DKIM is an authentication framework which stores public-keys in DNS and digitally signs emails on a domain basis. It was created as a result of merging Yahoo's domainkeys and Cisco's Identified Internet mail specification. It is defined in RFC 4871.


We will be using the milter implementation of dkim http://dkim-milter.sf.net on CentOS 5.2.





Installation
I provide Centos rpms for Dkim-milter at http://www.topdog-software.com/oss/ so we will install the latest version.


Install the rpm, ( 32bit and 64bit intel supported )
# wget http://www.topdog-software.com/oss/r...re.com_key.txt
# rpm --import andrew_topdog-software.com_key.txt
# http://www.topdog-software.com/oss/dkim-milter/dkim-milter-2.8.2-0.$(uname -i).rpm





Generate the Keys
# sh /usr/share/doc/dkim-milter-2.8.2/dkim-genkey.sh -r -d <domain_name>


Replace <domain_name> with the domain name you will be signing the mail for. The command will create two files.


default.txt - contains the public key you publish via DNS
default.private - the private key you use for signing your email
Move the private key to the dkim-milter directory and secure it.


# mv default.private /etc/mail/dkim/default.key.pem
# chmod 600 /etc/mail/dkim/default.key.pem
# chown dkim-milt.dkim-milt /etc/mail/dkim/default.key.pem





DNS Setup
You need to publish your public key via DNS, client servers use this key to verify your signed email. The contents of default.txt is the line you need to add to your zone file a sample, is below


default._domainkey IN TXT "v=DKIM1; g=*; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG81CNNVOl WwfhENOZEnJKNlikTB3Dnb5kUC8/zvht/S8SQnx+YgZ/KG7KOus0By8cIDDvwn3ElVRVQ6Jhz/HcvPU5DXCAC5owLBf/gX5tvAnjF1vSL8ZBetxquVHyJQpMFH3VW37m/mxPTGmDL+zJVW+CKpUcI8BJD03iW2l1CwIDAQAB"


; ----- DKIM default for topdog-software.com
Also add this to your zone file.


_ssp._domainkey IN TXT "t=y; dkim=unknown"





Configuration
Create the file /etc/sysconfig/dkim-milter with the contents below overwriting the existing sample file that was installed by the rpm, Make sure you set the SIGNING_DOMAIN variable to the domain or domains you will be signing mail for.
USER="dkim-milt"
PORT="inet:20209@localhost"
SIGNING_DOMAIN="<domain_name>"


SELECTOR_NAME="default"
KEYFILE="/etc/mail/dkim/default.key.pem"
SIGNER=yes
VERIFIER=yes
CANON=simple
SIGALG=rsa-sha1
REJECTION="bad=r,dns=t,int=t,no=a"
EXTRA_ARGS="-h -l -D"



Configure Postfix
You need to add the following options to the postfix main.cf file to enable it to use the milter.


smtpd_milters = inet:localhost:20209
non_smtpd_milters = inet:localhost:20209
Append the dkim-milter options to the existing milters if you have other milters already configured.


Start dkim-milter and restart postfix


# service dkim-milter start
# service postfix restart





Testing
Send an email to [email protected] or autorespond+[email protected], you will receive a response stating if your setup is working correctly. If you have a Gmail account you can send an email to that account and look at the message details similar to the picture below, you should see signed-by "your domain" if your setup was done correctly.




3) SPF


This tutorial shows how to implement SPF (Sender Policy Framework) in a Postfix 2.x installation. The Sender Policy Framework is an open standard specifying a technical method to prevent sender address forgery (see http://www.openspf.org/Introduction). There are lots of SPF extensions and patches available for Postfix, but most require that you recompile Postfix. Therefore we will install the postfix-policyd-spf-perl package from openspf.org which is a Perl package and can be implemented in existing Postfix installations (no Postfix compilation required).


I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!





1 Preliminary Note
I assume that you have already set up a working Postfix mail server.


The following procedure is distribution-independent, i.e., it should work on any Linux distribution (however, I tested this on Debian Etch).





2 Install Required Perl Modules
The postfix-policyd-spf-perl package depends on the Mail::SPF and the NetAddr::IP Perl modules. Therefore we are going to install them now using the Perl shell. Start the Perl shell like this:


perl -MCPAN -e shell


If you run the Perl shell for the first time, you will be asked a few questions. You can accept all default values. You will also be asked about the CPAN repositories to use. Select repositories that are close to you.


After the initial Perl shell configuration, we can start to install the needed modules. To install Mail::SPF, simply run


install Mail::SPF


In my case, it tried to install Module::Build (which is a dependency), but then it failed. If this happens to you, simply quit the Perl shell by typing


q


Then start the Perl shell again:


perl -MCPAN -e shell


and try to install Mail::SPF again:


install Mail::SPF


This time it should succeed, and you should see that it also installs the modules Net:NS::Resolver:rogrammable and NetAddr::IP on which Mail::SPF depends.


A successful installation of Mail:SPF should end like this:


Installing /usr/local/bin/spfquery
Writing /usr/local/lib/perl/5.8.8/auto/Mail/SPF/.packlist
/usr/bin/make install -- OK


Because NetAddr::IP has already been installed, we can now leave the Perl shell:


q





3 Install postfix-policyd-spf-perl
Next we download postfix-policyd-spf-perl from http://www.openspf.org/Software to the /usr/src/ directory and install it to the /usr/lib/postfix/ directory like this:


cd /usr/src
wget http://www.openspf.org/blobs/postfix...l-2.001.tar.gz
tar xvfz postfix-policyd-spf-perl-2.001.tar.gz
cd postfix-policyd-spf-perl-2.001
cp postfix-policyd-spf-perl /usr/lib/postfix/policyd-spf-perl


Then we edit /etc/postfix/master.cf and add the following stanza at the end:


vi /etc/postfix/master.cf


[...]
policy unix - n n - - spawn
user=nobody argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl
(The leading spaces before user=nobody are important so that Postfix knows that this line belongs to the previous one!)


Then open /etc/postfix/main.cf and search for the smtpd_recipient_restrictions directive. You should have reject_unauth_destination in that directive, and right after reject_unauth_destination you add check_policy_service unixrivate/policy like this:


vi /etc/postfix/main.cf


[...]
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject _unauth_destination,check_policy_service unixrivate/policy
[...]
or like this:


[...]
smtpd_recipient_restrictions =
[...]
reject_unauth_destination
check_policy_service unixrivate/policy
[...]
[...]
It is important that you specify check_policy_service AFTER reject_unauth_destination or else your system can become an open relay!


Then restart Postfix:


/etc/init.d/postfix restart


That's it already. You should check the README file that comes with the postfix-policyd-spf-perl package, it contains some important details about how postfix-policyd-spf-perl processes emails, e.g. like this part from the postfix-policyd-spf-perl-2.0001 README:


This version of the policy server always checks HELO before Mail From (older
versions just checked HELO if Mail From was null). It will reject mail that
fails either Mail From or HELO SPF checks. It will defer mail if there is a
temporary SPF error and the message would othersise be permitted
(DEFER_IF_PERMIT). If the HELO check produces a REJECT/DEFER result, Mail From
will not be checked.


If the message is not rejected or deferred, the policy server will PREPEND the
appropriate SPF Received header. In the case of multi-recipient mail, multiple
headers will get appended. If Mail From is anything other than completely empty
(i.e. ) then the Mail From result will be used for SPF Received (e.g. Mail
From None even if HELO is Pass).


The policy server skips SPF checks for connections from the localhost (127.) and
instead prepends and logs 'SPF skipped - localhost is always allowed.'




4) IP ROTATION VIA IP TABLES


First we need creating Interface aliases for your public IPs.


Let's say you have 5 ips


#ifup eth0:1
#ifup eth0:2
#ifup eth0:3
#ifup eth0:4




Now the iptables part.make sure your iptables support for statistic match module.


# iptables -m statistic -h
......
......
......
statistic match options:
--mode mode Match mode (random, nth)
random mode:
--probability p Probability
nth mode:
--every n Match every nth packet
--packet p Initial counter value (0 <= p <= n-1, default 0)
Next continue with iptables rule for rotating source IP addresses.


# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.2
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.3
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.4
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.5
# iptables -t nat -I POSTROUTING -m state --state NEW -p tcp --dport 25 -o eth0 -m statistic --mode nth --every 5 -j SNAT --to-source 202.XXX.XX.6
done



6) REVERSE DNS

The easiest way to get rDNS is to buy a domain with your VPS and ask you hosted to set up rDNS with your VPS, they will do it for free, a domain is not really expensive and it will save you some time .




7) Whitelisting


Whitelisting can help you to get your emails reach inbox instead of spam folder,

i will teach you now how to whitelist your self on some spam filter systems and some email providers.


First of all you must have a domain which have valid rDNS with your server, and you must have a web site on your domain. This may takes you some time, but i highly recommend you to make a fake marketing agency web site, i know this may sounds unethical and, maybe even, illegal ( okay, it's hard to believe it could illegal since there is tons of hosting companies, web design agency and so on, which are not registered anywhere ), and you can make some simple looking web site explaining that you are providing email marketing services to your clients. Make sure you make it clear that you have a ZERO tolerance to spam and that all emails you have in your lists are generated by you, bla bla, opt in, bla bla, cpan spam, bla bla, just google some email marketing agency and see what they say . This will helps you A LOT to get whitelisted almost anywere.


- AOL WHITELISTENING

URL : http://postmaster.aol.com/cgi-bin/wh...list_guides.pl

It's very easy to get on their whitelist, but if they get tons of spam complains about your message, you will be removed to blacklist list very fast ^^

- YAHOO WHITELISTENING

URL : http://help.yahoo.com/l/us/yahoo/mai...er/bulkv2.html

It's hard to get whitelisted on Yahoo, but give it a try.

HOTMAIL WHITELISTENING

URL : https://support.msn.com/eform.aspx?p...rpp&ct=eformts

SPAM FILTERS WHERE YOU CAN ASK FOR WHITELISTENING

- http://v4bl.org/

http://www.spamhauswhitelist.com/en/ - only with invite, so it's almost impossible to get there, but it's worth if you can

Basically here is the list of, almost, all spam filter systems, so Google their unblacklistening or whitelistening pages :

AHBL
ASPEWS
BACKSCATTERER
BARRACUDA
BBFHL2
BLOCKLIST.DE
BSB
BURNT-TECH
CASA-CBL
CASA-CBLPLUS
CBL
CHOON
DNS-SERVICIOS
EFnet RBL
IMP-SPAM
INPS_DE
INTERSERVER
ivmSIP
ivmSIP24
JIPPG
LASHBACK
MAILSPIKE-BL
MAILSPIKE-Z
NIXSPAM
NOMOREFUNN
PSBL
RATS-Dyna
RATS-NoPtr
RATS-Spam
REDHAWK
SEM-BACKSCATTER
SEM-BLACK
SORBS-DUHL
SORBS-SPAM
SORBS-WEB
SPAMCOP
Spamhaus-ZEN
UCEPROTECTL1
UCEPROTECTL2
UCEPROTECTL3
WPBL
BBFHL1
SWINOG



So that's it guys, if you followed my tutorial correctly you have just saved your self 100's of $ and learned something very useful.


Have fun and make some cash


Till next tutorial
相关帖子
回复

使用道具 举报

85

主题

925

广告币

2532

积分

高级会员

Rank: 4

积分
2532

社区QQ达人

发表于 2013-9-2 15:05:45 | 显示全部楼层
To strive,to seek,to find,and not to yield!
回复 支持 反对

使用道具 举报

4

主题

0

广告币

9

积分

禁止发言

积分
9

社区QQ达人

发表于 2013-9-2 15:12:29 | 显示全部楼层
好好好,楼主勤苦了啊
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

关于我们|联系我们|DMCA|广告服务|小黑屋|手机版|Archiver|Github|网站地图|AdvertCN

GMT+8, 2024-11-21 21:28 , Processed in 0.053425 second(s), 16 queries , Gzip On, MemCache On.

Copyright © 2001-2023, AdvertCN

Proudly Operating in Hong Kong.

快速回复 返回顶部 返回列表