Background: as the number of online applications in our company grows (WordPress, Nextcloud, SuiteCRM, iFair and so on), more and more of them require an e-mail address to be entered and bound to an account. Because we do not want to keep too much data in third-party storage, we decided to run a private mail server on the company LAN and expose it under the company domain by tunnelling.
0. Server environment used
0.1 VPS with a fixed public IP
Debian 12 minimal install, frps 0.53.2, nginx; assumed bound domains: www.abctest.com and mail.abctest.com
This VPS runs the company's official website, a static single-page site written in HTML5 + CSS, served with a private SSL certificate at https://www.abctest.com.
0.2 iRedMail server on the LAN
Debian 12 minimal install, frpc 0.53.2
1. Building the mail server
1.1 Assumed domain: abctest.com; mail server: mail.abctest.com
The server is a minimal Debian 12 install. The mail server is iRedMail, which ships an interactive installer; the installation steps are documented on the official site. During installation we chose PostgreSQL as the database backend, with the password assumed to be Abctest888; when asked for the mail domain, enter abctest.com; the installer also asks for the password of the mail administrator postmaster@abctest.com, assumed here to be Abctest888.
1.2 Logging in after installation:
Assume the mail server's LAN IP is 192.168.1.250.
Administrator login:
- iRedMail Admin: https://192.168.1.250/iredadmin
Admin account: postmaster@abctest.com, password: Abctest888
Regular user login:
- Roundcube webmail: https://mail.abctest.com  ## default web GUI
- SOGo groupware: https://mail.abctest.com/SOGo/  ## SOGo login GUI
1.3 Viewing the overall server configuration after installation
1.3.1 Basic configuration
cat iRedMail-1.6.8/config
```bash
export STORAGE_BASE_DIR='/var/vmail'
export WEB_SERVER='NGINX'
export BACKEND_ORIG='PGSQL'
export BACKEND='PGSQL'
export VMAIL_DB_BIND_PASSWD='s9SmJbOlKpPzm5T8j5qDrxobekuDbpvL'
export VMAIL_DB_ADMIN_PASSWD='IhSdIIPzbzSSXUK0BfMM5rKmtri0qPsk'
export MLMMJADMIN_API_AUTH_TOKEN='qBQyzRCwHEOvRAYlhja5tAaXhhmBXQh4'
export NETDATA_DB_PASSWD='yx0nFXuiWJs7D26xeVCwZw4RAdjEtnCA'
export PGSQL_ROOT_PASSWD='Abctest888'
export FIRST_DOMAIN='abctest.com'
export DOMAIN_ADMIN_PASSWD_PLAIN='Abctest888'
export USE_IREDADMIN='YES'
export USE_ROUNDCUBE='YES'
export USE_SOGO='YES'
export USE_NETDATA='YES'
export USE_FAIL2BAN='YES'
export AMAVISD_DB_PASSWD='tPpwOzq33oVMISgktgS3f55IeRTWjKKz'
export IREDADMIN_DB_PASSWD='EVIH8ZTsCDv3jbowtmSMEd94LLDAkVtW'
export RCM_DB_PASSWD='y9lMIKGYsjtwE07MTIsZU1EzTbGIDZyT'
export SOGO_DB_PASSWD='21NHY4yp1Yjw1qkeF4mZ2EBzBlzKW5JM'
export SOGO_SIEVE_MASTER_PASSWD='QfnTNbkQmfSn965EnGiyNzysGO3shnou'
export IREDAPD_DB_PASSWD='7QcVfbX0QTSi0Lprxisefp1YIOtdmYxn'
export FAIL2BAN_DB_PASSWD='9D4j3twgaQTS06ioSluhPeXHPnELI2kI'
#EOF
```
1.3.2 After installation, the full server summary (admin accounts, enabled services, certificate and config file paths, database credentials, the DKIM DNS record) is written to iRedMail.tips and can be read with:
cat iRedMail-1.6.8/iRedMail.tips
1.4 Administrator login screen and regular user login screen
2. frp configuration
See my two earlier articles:
Using the new TOML configuration format of the frp tunnelling tool (frpc toml settings), CSDN blog
Tunnelling a local self-signed HTTPS service with frps (frp SSL configuration), CSDN blog
Assume the host serving the domain is also the frps server, i.e. www.abctest.com.
2.1 frps.toml
cat /etc/frp/frps.toml
```toml
bindPort = 7777
vhostHTTPSPort = 443
vhostHTTPPort = 8080
```
2.2 frpc.toml
The main task is to bind the specific ports the mail service needs, each as a tcp proxy (the web GUI is the one exception and is forwarded as an https vhost).
cat /etc/frp/frpc.toml
```toml
serverAddr = "www.abctest.com"
serverPort = 7777

[[proxies]]
name = "ssh-250"
type = "tcp"
localIP = "127.0.0.1"
localPort = 33250
remotePort = 33250

[[proxies]]
name = "web-250"
type = "https"
localPort = 443
customDomains = ["mail.abctest.com"]

[[proxies]]
name = "smtp-250"
type = "tcp"
localPort = 25
remotePort = 25

[[proxies]]
name = "submission-250"
type = "tcp"
localPort = 587
remotePort = 587

[[proxies]]
name = "pop3-250"
type = "tcp"
localPort = 110
remotePort = 110

[[proxies]]
name = "pop3s-250"
type = "tcp"
localPort = 995
remotePort = 995

[[proxies]]
name = "imap-250"
type = "tcp"
localPort = 143
remotePort = 143

[[proxies]]
name = "imaps-250"
type = "tcp"
localPort = 993
remotePort = 993
```
3. Automatic forwarding of mail.abctest.com by nginx on the VPS
Because the public VPS runs frps together with the company website, ports 80 and 443 are already taken. To forward https://mail.abctest.com we add one more nginx virtual host; its configuration file is as follows:
cat /etc/nginx/conf.d/mail.conf
```nginx
server {
    listen 80;
    listen [::]:80;
    server_name mail.abctest.com;
    rewrite ^/(.*)$ https://mail.abctest.com:443/$1 permanent;
    # location / {
    #     proxy_pass http://127.0.0.1:443;
    # }
}
```
nginx settings on the iRedMail server inside the LAN
Simply add mail.abctest.com to the server_name directive in both /etc/nginx/sites-enabled/00-default-ssl.conf and /etc/nginx/sites-enabled/00-default.conf.
Restart nginx on the VPS and on the local iRedMail server.
Then test the connection.