├── mails0.png
├── mails1.png
├── mails2.png
├── mails3.png
├── mails4.png
├── Readme.md
└── mail_install.sh

/Readme.md:
--------------------------------------------------------------------------------
## 0x01 Foreword
```
Why stand up your own mail server to send mail

First, it is flexible and convenient: build it whenever it is needed and destroy it as soon as a valuable target has been landed. Relative to the actual value of the target, the cost is not very high. The mail service is only started when in use and is shut down when not in use
Second, the whole process is under your control. The problem with relaying through third-party mail servers is that you have no idea what they do on the back end (while they can see exactly what you do). Of course, this is not the only aspect
Third, extend this a little, for example by wrapping it in a nice GUI, and it effectively becomes a good open-source phishing platform

And so on; no need to elaborate further
```

## 0x02 Preparation before deployment
```
First, register a lookalike domain (that is, the domain most similar to the target's; spoofing is not recommended, as it is usually blocked outright by mail gateways), then add the following records to the domain

An A record named mail, pointing to vpsip
An MX record @, pointing to mail.yourdomain.com, priority 1
A CNAME record named smtp, pointing to mail.yourdomain.com
A CNAME record named pop3, pointing to mail.yourdomain.com
A CNAME record named imap, pointing to mail.yourdomain.com
A TXT record, @, with the value v=spf1 a mx -all
```

## 0x03 Initial steps on the VPS
```
# passwd
# echo "mail.yourdomain.com" > /etc/hostname
# echo yourvpsip mail.yourdomain.com >> /etc/hosts
# shutdown -r now
# Then wait about half an hour (it may not actually take that long), mainly so the DNS records can take effect, before running the script

Confirm carefully whether your VPS provider allows traffic on all mail service ports (whether the security group has opened the relevant mail ports)
Many providers block port 25 by default to keep their VPSes from being used to send spam and getting the IPs flagged
Finally, check carefully whether your VPS IP and domain have ever been on any blacklist, for example because someone previously used them as a C2 or RAT domain, or to send spam, and so on. These issues will seriously affect the actual delivery rate later
```

## 0x04 Environment the script deploys
```
Includes Certbot + Postfix + Dovecot + Opendkim ...

Written in a hurry, so the script is not very polished; given time, all the preliminary checks and service start/stop actions could be written as functions to call, which would be more convenient
```

## 0x05 Final deployment result
![demo](mails0.png)
![demo](mails1.png)
![demo](mails2.png)
![demo](mails3.png)
![demo](mails4.png)

--------------------------------------------------------------------------------
/mail_install.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Foreword
# Why stand up your own mail server to send mail
# First, it is flexible and convenient: build it whenever it is needed and destroy it as soon as a valuable target has been landed. Relative to the actual value of the target, the cost is not very high. The mail service is only started when in use and is shut down when not in use
# Second, the whole process is under your control. The problem with relaying through third-party mail servers is that you have no idea what they do on the back end (while they can see exactly what you do). Of course, this is not the only aspect
# Third, extend this a little, for example by wrapping it in a nice GUI, and it effectively becomes a good open-source phishing platform
# And so on; no need to elaborate further

# The rough deployment process is as follows
# First, register a lookalike domain (that is, the domain most similar to the target's; spoofing is not recommended, as it is usually blocked outright by mail gateways), then add the following records to the domain
# An A record named mail, pointing to vpsip
# An MX record @, pointing to mail.yourdomain.com, priority 1
# A CNAME record named smtp, pointing to mail.yourdomain.com
# A CNAME record named pop3, pointing to mail.yourdomain.com
# A CNAME record named imap, pointing to mail.yourdomain.com
# A TXT record, @, with the value v=spf1 a mx -all

# Next, perform some initial steps on your VPS
# passwd # change the password
# echo "mail.yourdomain.com" > /etc/hostname # change the hostname
# echo yourvpsip mail.yourdomain.com >> /etc/hosts # update name resolution
# shutdown -r now # finally, reboot for the changes to take effect
# Then wait about half an hour (it may not actually take that long), mainly so the DNS records can take effect, before running the script

# Confirm carefully whether your VPS provider allows traffic on all mail service ports (whether the security group has opened the relevant mail ports)
# Many providers block port 25 by default to keep their VPSes from being used to send spam and getting the IPs flagged
# Finally, check carefully whether your VPS IP and domain have ever been on any blacklist, for example because someone previously used them as a C2 or RAT domain, or to send spam, and so on. These issues will seriously affect the actual delivery rate later

# Environment the script deploys, including Certbot + Postfix + Dovecot + Opendkim ...
# Written in a hurry, so the script is not very polished; given time, all the preliminary checks and service start/stop actions could be written as functions to call, which would be more convenient


if [ $# -eq 0 ] || [ $# != 3 ] ;then
    echo -e "\n#####################################################################################"
    echo "# #"
    echo "# 发信平台一键部署脚本 (Tested on Ubuntu 16.04 LTS 64bit) #"
    echo "# #"
    echo "# Author: klion #"
    echo "# 2020.5.8 #"
    echo "# #"
    echo "#####################################################################################"
    echo "# #"
    echo "# Usage: #"
    echo "# /root/MailSrv_Autoinstall.sh 你的VPSIP 你的域名 接收测试邮件的邮箱(随意) #"
    echo "# /root/MailSrv_Autoinstall.sh \"13.29.117.68\" \"happy.com\" \"admin@boy.org\" #"
    echo "# #"
    echo -e "#####################################################################################\n"
    exit
fi

vpsip=$1
yourdomain=$2
yourmail=$3

# Check the current user's privileges
if [ `id -u` -ne 0 ];then
    echo -e "\n\033[33m请以 root 权限 运行该脚本! \033[0m\n"
    exit
fi

# Install basic tools and related dependencies
ping github.com -c 5 >/dev/null 2>&1
if [ $? -eq 0 ];then
    echo -e "\n\e[92m请仔细确认域名的相关解析记录都已事先添加好且可正常解析 ! \e[0m"
    sleep 3
    echo -e "\e[94m网络正常,开始安装基础工具及相关依赖,请稍后...\e[0m"
    sleep 3
    apt-get update >/dev/null 2>&1
    apt-get install gcc gdb make cmake socat telnet tree tcpdump iptraf iftop nethogs lrzsz git unzip curl wget vim python2.7 python2.7-dev -y >/dev/null 2>&1
    if [ $? -eq 0 ];then
        echo -e "\e[94m相关工具及依赖库已全部安装成功,准备安装 Postfix,请稍后...\e[0m\n"
        sleep 3
    else
        echo -e "工具安装失败,请检查后重试!"
        exit
    fi
else
    echo -e "网络连接似乎有问题,请检查后重试!"
    exit
fi

echo -e "=========================================================================\n"

# Install and configure nc
which "add-apt-repository" > /dev/null
if [ $? -eq 0 ];then
    add-apt-repository universe >/dev/null 2>&1
    if [ $? -eq 0 ];then
        apt-get install netcat-traditional -y >/dev/null 2>&1
        if [ $? -eq 0 ];then
            echo -e "\e[94mNc 安装成功 ! \e[0m"
            update-alternatives --set nc /bin/nc.traditional >/dev/null 2>&1
            if [ $? -eq 0 ];then
                echo -e "\e[94mNc 配置成功 ! \e[0m\n"
                sleep 1
            else
                echo -e "Nc 配置失败,请检查后重试!"
                exit
            fi
        else
            echo -e "Nc 安装失败,请检查后重试!"
            exit
        fi
    else
        echo -e "PPA 添加失败,请检查后重试!"
        exit
    fi
else
    echo -e "add-apt-repository 命令不存在,请尝试安装后重试!"
    exit
fi


# Check whether any process on this system is already using the mail service ports
arr=(25 110 143 465 587 993 995 8891)
for(( i=0;i<${#arr[@]};i++))
do
    nc -z -v -w 2 127.0.0.1 ${arr[i]} >/dev/null 2>&1
    if [ $? -eq 0 ];then
        echo -e "${arr[i]} 端口被占用,请kill掉相关进程后重试!"
        exit
    fi
done;

# Check whether mail services were previously installed on this system
if [ -d "/etc/postfix/" ] ; then
    echo -e "Postfix 已安装,为尽可能避免后续出问题,请尝试卸载后再重新安装!"
    exit
    if [ -d "/etc/dovecot/" ] ;then
        echo -e "Dovecot 已安装,为尽可能避免后续出问题,请尝试卸载后再重新安装!"
        exit
        if [ -d "/etc/letsencrypt/" ] ;then
            echo -e "Certbot 可能已经安装过,为尽可能避免后续出问题,请尝试删除证书目录后再重新申请!"
            exit
        fi
    fi
fi

echo -e "=========================================================================\n"

# Install postfix
which "debconf-set-selections" > /dev/null
if [ $? -eq 0 ];then
    echo -e "\e[94m开始安装Postfix,请稍后...\e[0m"
    debconf-set-selections <<< "postfix postfix/mailname string mail.${yourdomain}"
    debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
    if [ $? -eq 0 ];then
        apt-get install --assume-yes postfix -y >/dev/null 2>&1
        if [ $? -eq 0 ];then
            echo -e "\e[94mPostfix安装成功,准备安装Certbot,请稍后...\e[0m\n"
            sleep 3
        else
            echo -e "Postfix安装失败,请检查后重试..."
            exit
        fi
    else
        echo -e "Debconf Set 失败,请检查后重试..."
        exit
    fi
else
    echo -e "Debconf 不存在,请手工安装后重试..."
    exit
fi

echo -e "=========================================================================\n"

# Install certbot and request a free certificate; note that the same domain cannot request too many times, apparently it is refused after three
apt-get install certbot -y >/dev/null 2>&1
if [ $? -eq 0 ];then
    echo -e "\e[94mCertbot安装成功,准备申请证书\e[0m"
    certbot certonly --non-interactive --standalone -d mail.${yourdomain} --agree-tos -m ad@svr.org >/dev/null 2>&1
    if [ $? -eq 0 ] && [ -d "/etc/letsencrypt/live/mail.${yourdomain}/" ]; then
        echo -e "\e[94m证书申请成功,开始配置Postfix, 请稍后...\e[0m\n"
    else
        echo -e "证书申请失败,请检查后重试..."
        exit
    fi
else
    echo -e "Certbot安装失败,请检查后重试..."
    exit
fi

echo -e "=========================================================================\n"

# Configure Postfix
cat << EOF > /etc/postfix/main.cf
myhostname = mail.${yourdomain}
myorigin = $mydomain
mydomain = ${yourdomain}
mydestination = $mydomain, $myhostname, mail.${yourdomain}, localhost.${yourdomain}, , localhost
smtpd_banner = $myhostname ESMTP $mail_name (TmpSrv)
home_mailbox = Maildir/
mynetworks = 0.0.0.0 ${vpsip} 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.${yourdomain}/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.${yourdomain}/privkey.pem
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = inet:127.0.0.1:8891
milter_protocol = 2
milter_default_action = accept
disable_vrfy_command = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.${yourdomain}
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relayhost =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
EOF
if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/postfix/main.cf 配置修改成功 ! \e[0m"
    sleep 2
else
    echo -e "/etc/postfix/main.cf 配置修改失败,请检查后重试... !"
    exit
fi

cat << EOF > /etc/postfix/master.cf
smtp inet n - y - - smtpd
submission inet n - y - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
EOF
if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/postfix/master.cf 配置修改成功, 准备安装Dovecot, 请稍后...\e[0m\n"
    sleep 2
else
    echo -e "/etc/postfix/master.cf 配置修改失败,请检查后重试...!\n"
    exit
fi

echo -e "=========================================================================\n"

# Install Dovecot
apt-get install dovecot-core dovecot-imapd dovecot-pop3d -y >/dev/null 2>&1
if [ $? -eq 0 ];then
    echo -e "\e[94mDovecot安装成功,准备配置Dovecot,请稍后...\e[0m"
    sleep 2
else
    echo -e "Dovecot安装失败,请检查后重试..."
    exit
fi

cat << EOF > /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
  }
  inet_listener imaps {
  }
}
service pop3-login {
  inet_listener pop3 {
  }
  inet_listener pop3s {
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
}
service pop3 {
}
service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}
EOF
if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/dovecot/conf.d/10-master.conf 配置修改成功 ! \e[0m"
    sleep 2
else
    echo -e "/etc/dovecot/conf.d/10-master.conf 配置修改失败,请检查后重试!"
    exit
fi


cat << EOF > /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
!include auth-system.conf.ext

# egrep -v '^$|#' /etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir
namespace inbox {
  inbox = yes
}
EOF
if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/dovecot/conf.d/10-auth.conf 配置修改成功 ! \e[0m"
    sleep 2
else
    echo -e "/etc/dovecot/conf.d/10-auth.conf 配置修改失败,请检查后重试!"
    exit
fi

cat << EOF > /etc/dovecot/conf.d/20-pop3.conf
pop3_uidl_format = %08Xu%08Xv
protocol pop3 {
}
EOF
if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/dovecot/conf.d/20-pop3.conf 配置修改成功 ! \e[0m"
    sleep 2
else
    echo -e "/etc/dovecot/conf.d/20-pop3.conf 配置修改失败,请检查后重试!"
    exit
fi

cat << EOF > /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = /dev/null 2>&1
if [ $? -eq 0 ];then
    echo -e "\e[94mOpendkim 安装成功 ! \e[0m"
    sleep 2
else
    echo -e "Opendkim 安装失败,请检查后重试!"
    exit
fi

mkdir -p /var/run/opendkim
if [ -d "/var/run/opendkim/" ]; then
    echo -e "\e[94m/var/run/opendkim/ 目录创建成功 ! \e[0m"
    sleep 2
    mkdir /etc/opendkim
    if [ -d "/etc/opendkim" ]; then
        echo -e "\e[94m/etc/opendkim 目录创建成功! 准备配置Opendkim ,请稍后...\e[0m"
        chown -R opendkim:opendkim /var/run/opendkim
        sleep 2
    else
        echo -e "/etc/opendkim 目录创建失败,请检查后重试!"
        exit
    fi
else
    echo -e "/var/run/opendkim/ 目录创建失败,请检查后重试!"
    exit
fi

cat << EOF > /etc/opendkim.conf
Syslog yes
UMask 002
Domain ${yourdomain}
Canonicalization relaxed/relaxed
Mode sv
OversignHeaders From
TrustAnchorFile /usr/share/dns/root.key
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
LogWhy Yes
PidFile /var/run/opendkim/opendkim.pid
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:8891@127.0.0.1
SyslogSuccess Yes
TemporaryDirectory /var/tmp
UserID opendkim:opendkim
EOF

if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/opendkim.conf 配置修改成功 ! \e[0m"
    sleep 2
else
    echo -e "/etc/opendkim.conf 配置修改失败,请检查后重试!"
    exit
fi

mkdir /etc/opendkim/keys/${yourdomain} -p
if [ -d "/etc/opendkim/keys/${yourdomain}" ]; then
    echo -e "\e[94m/etc/opendkim/keys/${yourdomain} 目录创建成功 ! \e[0m"
    sleep 2
else
    echo -e "/etc/opendkim/keys/${yourdomain} 目录创建失败! 请检查后重试!"
    exit
fi

opendkim-genkey -D /etc/opendkim/keys/${yourdomain}/ -d ${yourdomain} -s default
if [ $? -eq 0 ];then
    echo -e "\e[94mopendkim-genkey 生成成功! \e[0m"
    echo "default._domainkey.${yourdomain} ${yourdomain}:default:/etc/opendkim/keys/${yourdomain}/default.private" > /etc/opendkim/KeyTable
    echo "*@${yourdomain} default._domainkey.${yourdomain}" > /etc/opendkim/SigningTable
    echo "127.0.0.1" > /etc/opendkim/TrustedHosts
    sleep 2
else
    echo -e "opendkim-genkey 生成失败, 请检查后重试!"
fi

cat << EOF > /etc/default/opendkim
SOCKET="local:/var/run/opendkim/opendkim.sock"
SOCKET="inet:8891@127.0.0.1"
EOF
if [ $? -eq 0 ];then
    echo -e "\e[94m/etc/default/opendkim 配置修改成功 ! \e[0m\n"
    chown -R opendkim:opendkim /etc/opendkim/keys/${yourdomain}
    sleep 2
else
    echo -e "/etc/default/opendkim 配置修改失败,请检查后重试!"
    exit
fi

echo -e "=========================================================================\n"

# Start the mail services
systemctl restart postfix.service
if [ $? -eq 0 ];then
    echo -e "\e[94mPostfix 服务启动成功 ! \e[0m"
    sleep 3
    systemctl restart dovecot.service
    if [ $? -eq 0 ];then
        echo -e "\e[94mDovecot 服务启动成功 ! \e[0m"
        sleep 3
        systemctl restart opendkim.service
        if [ $? -eq 0 ];then
            echo -e "\e[94mOpendkim 服务启动成功 ! \e[0m\n"
            sleep 3
        else
            echo -e "Opendkim 服务启动失败! 请检查后重试...!"
            exit
        fi
    else
        echo -e "Dovecot 服务启动失败! 请检查后重试...!"
        exit
    fi
else
    echo -e "Postfix 服务启动失败! 请检查后重试...!"
    exit
fi

echo -e "=========================================================================\n"

# Handshake test
openssl s_client -showcerts -connect mail.${yourdomain}:465 <<< 'Q' >/dev/null 2>&1
if [ $? -eq 0 ];then
    echo -e "\e[94m465端口正常握手 ! \e[0m"
    sleep 2
    openssl s_client -showcerts -connect mail.${yourdomain}:993 <<< 'Q' >/dev/null 2>&1
    if [ $? -eq 0 ];then
        echo -e "\e[94m993端口正常握手 ! \e[0m"
        sleep 2
        openssl s_client -showcerts -connect mail.${yourdomain}:995 <<< 'Q' >/dev/null 2>&1
        if [ $? -eq 0 ];then
            echo -e "\e[94m995端口正常握手 ! \e[0m"
            sleep 2
        else
            echo -e "995端口请求正常, 请检查后重试...!"
            exit
        fi
    else
        echo -e "993端口请求, 请检查后重试... !"
        exit
    fi
else
    echo -e "465端口请求异常, 请检查后重试...!"
    exit
fi

if [ -f "/var/log/mail.log" ]; then
    echo -e "\e[94m邮件收发记录日志文件路径: /var/log/mail.log\e[0m\n"
    sleep 2
else
    echo -e "请从头一步步仔细排查所有安装配置选项,而后重试\n"
fi

echo -e "=========================================================================\n"

echo -e "请到自己的域名中添加一个名为 '\033[33m_dmarc\033[0m' 的txt记录,并将如下值写进入"
echo -e "\e[94mv=DMARC1;p=none;rua=mailto:admin@${yourdomain}\e[0m"
sleep 3 && echo

echo -e "请到自己的域名中添加一个名为 '\033[33mdefault._domainkey\033[0m' 的txt记录,之后将如下值写入,此处脚本将等待八分钟后执行,以预留出足够的时间去添加记录"
cat /etc/opendkim/keys/${yourdomain}/default.txt && echo
sleep 480

echo -e "=========================================================================\n"

# Add mailbox users
echo -e "\e[92m开始添加测试邮箱账户\e[0m\n"
id system >/dev/null 2>&1
if [ $? != 0 ];then
    useradd -m system -s /sbin/nologin
    echo -e "\e[94m邮箱账户system 添加成功 ! \e[0m"
    sleep 2
    id admin >/dev/null 2>&1
    if [ $? != 0 ];then
        useradd -m admin -s /sbin/nologin
        echo -e "\e[94m邮箱账户admin 添加成功 ! \e[0m"
        sleep 2
        id manager >/dev/null 2>&1
        if [ $? != 0 ];then
            useradd -m manager -s /sbin/nologin
            echo -e "\e[94m邮箱账户manager 添加成功 ! \e[0m\n"
            sleep 2
        else
            echo -e "邮箱账户manager 添加失败!"
            exit
        fi
    else
        echo -e "邮箱账户admin 添加失败!"
        exit
    fi
else
    echo -e "邮箱账户system 添加失败!"
    exit
fi

echo -e "=========================================================================\n"

# Note: in practice spoofing is also not recommended (high chance of being blocked); a lookalike domain works considerably better. The mail content here is arbitrary; replace it when actually using this
cat << EOF > mails.txt

helo client
MAIL FROM:
RCPT TO:<${yourmail}>
DATA
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_Part_38945_682591813.1587958302122"
From: =?GBK?B?0MXPorCyyKuyvw==?=
To: ${yourmail} <${yourmail}>
Subject: =?GBK?B?ob7Ptc2z08q8/iC3x7Oj1tjSqqG/vfzG2g==?=
 =?GBK?B?o6y5q8u+vOC/2M+1zbO3os/Wsr+31lZQTg==?=
 =?GBK?B?1cu6xbTm1NrS7LOjstnX99DQzqqjrMfrvLA=?=
 =?GBK?B?yrHW2NDCtcfCvNLUzeqzydXLusWwssir19S87A==?=

------=_Part_38945_682591813.1587958302122
Content-Type: text/plain; charset=GBK
Content-Transfer-Encoding: base64

------=_Part_38945_682591813.1587958302122
Content-Type: text/html; charset=GBK
Content-Transfer-Encoding: base64

------=_Part_38945_682591813.1587958302122--
.
quit
EOF

cat mails.txt | /bin/nc -vv mail.${yourdomain} 25 >/dev/null 2>&1
if [ $? -eq 0 ];then
    # If the mail is not in the inbox, check the spam folder; generally, if the earlier configuration is correct and the domain/IP is not blacklisted, it will almost never land in spam
    echo -e "\e[94m测试邮件已发送成功,请前往 ${yourmail} 邮箱收件箱查看 ! \e[0m"
    echo -e "\e[94m恭喜! 至此,发信平台已全部部署完成 ! \e[0m\n"
else
    echo -e "测试邮件发送失败,请从头逐步仔细核对您的所有邮件服务配置后重试 ! \n"
    exit
fi

rm -fr mails.txt

# Stop all mail services in one go
# systemctl stop postfix.service
# if [ $? -eq 0 ];then
#     echo -e "\e[94mPostfix 服务已停止 ! \e[0m"
#     sleep 3
#     systemctl stop dovecot.service
#     if [ $? -eq 0 ];then
#         echo -e "\e[94mDovecot 服务已停止! \e[0m"
#         sleep 3
#         systemctl stop opendkim.service
#         if [ $? -eq 0 ];then
#             echo -e "\e[94mOpendkim 服务已停止! \e[0m\n"
#             sleep 3
#         else
#             echo -e "Opendkim 服务关闭失败! 请检查后重试...!"
#             exit
#         fi
#     else
#         echo -e "Dovecot 服务关闭失败! 请检查后重试...!"
#         exit
#     fi
# else
#     echo -e "Postfix 服务关闭失败! 请检查后重试...!"
#     exit
# fi


# Bulk delayed sending
# while read -r line
# do
#     sed -i 's/Targetmail/$line/g' mails.txt
#     sed -i 's/Mydomain/${Mydomain}/g' mails.txt
#     sleep 10
#     cat mails.txt | /bin/nc -vv mail.${Mydomain} 25
# done < targetmails.txt


--------------------------------------------------------------------------------
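
Seen from the receiving side, the SPF record in 0x02 and the DKIM/DMARC records the script asks for mean that mail from such a domain authenticates cleanly, so SPF/DKIM/DMARC results alone do not separate it from legitimate mail. The following is an added example, not part of this repository: a Python check that compares the From domain with an organisation's own domains by edit distance regardless of the authentication verdict. The protected domain, the distance threshold and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

PROTECTED = {"example.com"}   # assumption: the organisation's own domains
MAX_DISTANCE = 2              # assumption: edits still treated as "lookalike"


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)   # adjacent swap
        prev2, prev = prev, cur
    return prev[-1]


def sld(domain: str) -> str:
    """Label left of the TLD. Naive: no Public Suffix List lookup."""
    labels = domain.split(".")
    return labels[-2] if len(labels) >= 2 else domain


def sender_domain(msg) -> str:
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")


def auth_results(msg) -> dict:
    """Collect spf/dkim/dmarc verdicts from Authentication-Results headers."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            found.setdefault(method, result)
    return found


def classify(raw: str) -> dict:
    msg = message_from_string(raw)
    domain, auth = sender_domain(msg), auth_results(msg)
    own = any(domain == p or domain.endswith("." + p) for p in PROTECTED)
    if own:
        # Own domain: authentication decides between genuine and spoofed.
        verdict = "own-domain" if auth.get("dmarc") == "pass" else "spoofed-own-domain"
        dist, nearest = 0, domain
    else:
        # Foreign domain: a pass only proves the sender controls that domain,
        # so similarity to a protected name is judged independently of it.
        dist, nearest = min((osa_distance(sld(domain), sld(p)), p) for p in PROTECTED)
        verdict = "lookalike" if dist <= MAX_DISTANCE else "external"
    return {"domain": domain, "nearest": nearest, "distance": dist,
            "auth": auth, "verdict": verdict}


def _sample(from_domain: str, dmarc: str) -> str:
    """Constructed message with a gateway-style Authentication-Results header."""
    return (
        f"Authentication-Results: mx.example.com; spf={dmarc} "
        f"smtp.mailfrom={from_domain}; dkim={dmarc} header.d={from_domain} "
        f"header.s=default; dmarc={dmarc} header.from={from_domain}\n"
        f"From: IT Support <admin@{from_domain}>\n"
        "To: user@example.com\nSubject: constructed sample\n\nbody\n"
    )


SAMPLES = {
    "lookalike": _sample("examp1e.com", "pass"),
    "tld_swap": _sample("example.org", "pass"),
    "own": _sample("example.com", "pass"),
    "spoof": _sample("example.com", "fail"),
    "external": _sample("vendor.test", "pass"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        r = classify(raw)
        print(f"{name:10} {r['domain']:14} dmarc={r['auth'].get('dmarc')} -> {r['verdict']}")
```
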